cobaltstrike | 43d74a25721d1cfad18b41407d3ecd94b4c24c7aba5d34ab91a2393c9934ee74

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 09:58

Target

43d74a25721d1cfad18b41407d3ecd94b4c24c7aba5d34ab91a2393c9934ee74.exe
Size

19KB
MD5

7ee41d177accae0001947f06f31884ba
SHA1

be12260cdb73dd4a449cafb6db98cb814b49318f
SHA256

43d74a25721d1cfad18b41407d3ecd94b4c24c7aba5d34ab91a2393c9934ee74
SHA512

a4c41a55489302734b457c665bc2cf714d8edd2a9b231573a5d24417a0cd60589e6107627b90762a1131d4ceb6efa8ce143570889438f6a466680b3ab0c6db29
SSDEEP

192:6V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2kjxLw0+WF8qa1Dojjgi:UqaCF31cix+Dc4zjBjmeFF46gi

Score

10^/10

Family

cobaltstrike

http://tools.trtyr.top:80/api/2

Attributes

user_agent
Host: tools.trtyr.top User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\43d74a25721d1cfad18b41407d3ecd94b4c24c7aba5d34ab91a2393c9934ee74.exe
"C:\Users\Admin\AppData\Local\Temp\43d74a25721d1cfad18b41407d3ecd94b4c24c7aba5d34ab91a2393c9934ee74.exe"
1⤵
PID:1924

memory/1924-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1924-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1924-2-0x0000000004210000-0x0000000004610000-memory.dmp

Filesize
4.0MB

Download