cobaltstrike | 4bfebd6269d81de5d3719309a3a71d2637deb1d48fa340b6ce7b53e47bcc1a40

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 04:16

Target

4bfebd6269d81de5d3719309a3a71d2637deb1d48fa340b6ce7b53e47bcc1a40.exe
Size

19KB
MD5

47cbfb3e162e4302053a5ec5415e6eb4
SHA1

eba4c613122536b426c21b03abdfe96437e82637
SHA256

4bfebd6269d81de5d3719309a3a71d2637deb1d48fa340b6ce7b53e47bcc1a40
SHA512

176834b54754bc7bb0fdd92e645fe808238b154f14a1a74cbf2b893fac9116b570c872e4dd29e7f7c95e3f651c42d23dfbe9a469fb5af019db5b046d45711dc2
SSDEEP

192:eV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2XYEWF8qa1Dojjgi:oqaCF31cix+Dc4zjwYxFF46gi

Score

10^/10

Family

cobaltstrike

http://199.180.119.62:2333/x6hG

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0; Touch)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\4bfebd6269d81de5d3719309a3a71d2637deb1d48fa340b6ce7b53e47bcc1a40.exe
"C:\Users\Admin\AppData\Local\Temp\4bfebd6269d81de5d3719309a3a71d2637deb1d48fa340b6ce7b53e47bcc1a40.exe"
1⤵
PID:2228

memory/2228-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2228-1-0x0000000003BE0000-0x0000000003FE0000-memory.dmp

Filesize
4.0MB

Download
memory/2228-2-0x0000000000500000-0x0000000000556000-memory.dmp

Filesize
344KB

Download
memory/2228-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2228-5-0x0000000000500000-0x0000000000556000-memory.dmp

Filesize
344KB

Download