cobaltstrike | a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2024 16:15

Target

58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe
Size

328KB
MD5

58336a3811207c8d3f57709317b172e9
SHA1

221f507292989dbd52c3a26df4d3fb9f1d80af7a
SHA256

a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f
SHA512

99b0ccc043f20339d82bcdd5634dfa4ea863fb466121c67c663c12247d1f442cc0868b4cdd06aba64e3684015aa364af9d2ffc8567f14b585efa79d97cd43b80
SSDEEP

6144:t4/za7ALmvWwG8iAPMS7BhJC0NNaHud0WiwmbiaPFpQva8yTVDzZ:C/+e9r6T7XQ0qONs2qFWvXyZ

Score

10^/10

Family

cobaltstrike

http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58336a3811207c8d3f57709317b172e9_JaffaCakes118.exe"
1⤵
PID:2760

memory/2760-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2760-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download