cobaltstrike | 40516869f63341f2c9a760ac0faa823a11168fdc0067beef413cd6ed9e858f07 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...60.exe

windows7-x64

1

SecuriteIn...60.exe

windows10-2004-x64

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2024 18:20

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe

Resource

win10v2004-20240319-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe
Size

1.4MB
MD5

ce8e1592a4685f349136cb13c12e543f
SHA1

fbdccab7f53e063d53dc296c4f1eb7d236a97d46
SHA256

40516869f63341f2c9a760ac0faa823a11168fdc0067beef413cd6ed9e858f07
SHA512

f00b1d293abf8af9d5833e2b019884bfa9b0618db8172d55d0eb866dbce9f9ba0eecd0bedee0dbc45031abcc89e5ed141ee51f7dedd39f400726aeabb68cedc8
SSDEEP

24576:yse92KNwXkWxZiwdMeHRmXKNjhdAT2JSzrSQb92Jco0a:E2K8eexmyj/nCmwo0a

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://112.124.64.105:7894/Pr8c

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe"
1⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2940 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
1⤵
PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4236-0-0x00000287C7ED0000-0x00000287C7ED1000-memory.dmp

Filesize
4KB

Download

© 2018-2024

Terms | Privacy