cobaltstrike | 0d83ef273cbac627473334f5c8503b9c47fc1eabc2358daccf0fc405ad158701

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 15:17

Target

0d83ef273cbac627473334f5c8503b9c47fc1eabc2358daccf0fc405ad158701.exe
Size

19KB
MD5

61f552a84f83da81773017eee0bab86d
SHA1

278181f8ebb4a30f59f19038e7932ff929a8e149
SHA256

0d83ef273cbac627473334f5c8503b9c47fc1eabc2358daccf0fc405ad158701
SHA512

cdc4dd5f3268ba03ca5ac9d9f5359d1a5e4c7b705dd1ff4f0f96ebd65651d772886f762b40b8b6167d6281106adb219b1371996ce927beb49e3f6304d18751a5
SSDEEP

192:IV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2RAhWF8qa1Dojjgi:6qaCF31cix+Dc4zj3cFF46gi

Score

10^/10

Family

cobaltstrike

http://43.143.181.137:80/u4Sa

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\0d83ef273cbac627473334f5c8503b9c47fc1eabc2358daccf0fc405ad158701.exe
"C:\Users\Admin\AppData\Local\Temp\0d83ef273cbac627473334f5c8503b9c47fc1eabc2358daccf0fc405ad158701.exe"
1⤵
PID:2956

memory/2956-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2956-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download