cobaltstrike | b4c680bfa5773b4e211c8e30cd2d508437f294ec88c48aa53dd925364146dd84

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 04:30

Target

b4c680bfa5773b4e211c8e30cd2d508437f294ec88c48aa53dd925364146dd84.exe
Size

19KB
MD5

fa2f38f280a7b8633dfc841409e83509
SHA1

ad733df86d0c917ee883dedbc11fe2ccb7d78524
SHA256

b4c680bfa5773b4e211c8e30cd2d508437f294ec88c48aa53dd925364146dd84
SHA512

f4d17a23c02a686c7fcbca0e3291c62fc4375e0621fe72119b797a4263719a4d2b4a417ad63e0f0f713d6609335e10e0402439b22aa21087219bc5072924b1b6
SSDEEP

192:3V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2UvpLAJgWF8qa1Dojjgi:hqaCF31cix+Dc4zjTvpklFF46gi

Score

10^/10

Family

cobaltstrike

http://114.55.232.33:8888/XTDm

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b4c680bfa5773b4e211c8e30cd2d508437f294ec88c48aa53dd925364146dd84.exe
"C:\Users\Admin\AppData\Local\Temp\b4c680bfa5773b4e211c8e30cd2d508437f294ec88c48aa53dd925364146dd84.exe"
1⤵
PID:1692

memory/1692-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1692-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download