cobaltstrike | cc74f7e82eb33a14ffdea343a8975d8a81be151ffcb753cb3f3be10242c8a252 | Triage

Analysis

max time kernel
33s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 11:42

Sharing

Report Analysis Logs

General

Target

C618.tmp.dll
Size

292KB
MD5

9abf8579ed3b6e5d3d43b408509a53db
SHA1

63ee039a478e23a505bc889cc74e7693ebe51891
SHA256

cc74f7e82eb33a14ffdea343a8975d8a81be151ffcb753cb3f3be10242c8a252
SHA512

878add89cc7fc1d88f66c0704a66c202191382e4206e6e156f5bf0205d9b136d341c38686dc7d4a36615cfc45937841b30bcbc1b1036084bcce2e8501c6903ce
SSDEEP

6144:lV9H07z+CLXF0AYlHsGSD5E4Ck2oh66/px:lzHqtLyAtG0Ck2ozv

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://217.12.218.46:80/YPbR

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Blocklisted process makes network request 31 IoCs

Processes:

rundll32.exe

flow	pid	process
13	3504	rundll32.exe
15	3504	rundll32.exe
16	3504	rundll32.exe
17	3504	rundll32.exe
18	3504	rundll32.exe
19	3504	rundll32.exe
20	3504	rundll32.exe
21	3504	rundll32.exe
22	3504	rundll32.exe
23	3504	rundll32.exe
24	3504	rundll32.exe
25	3504	rundll32.exe
26	3504	rundll32.exe
27	3504	rundll32.exe
28	3504	rundll32.exe
29	3504	rundll32.exe
30	3504	rundll32.exe
31	3504	rundll32.exe
32	3504	rundll32.exe
33	3504	rundll32.exe
35	3504	rundll32.exe
36	3504	rundll32.exe
37	3504	rundll32.exe
38	3504	rundll32.exe
39	3504	rundll32.exe
40	3504	rundll32.exe
41	3504	rundll32.exe
42	3504	rundll32.exe
43	3504	rundll32.exe
44	3504	rundll32.exe
45	3504	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\C618.tmp.dll,#1
1⤵
- Blocklisted process makes network request
PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3504-0-0x000001C8AA9E0000-0x000001C8AA9E1000-memory.dmp

Filesize
4KB

Download