cobaltstrike | 49df6def611e513790864671948bf39e64267ed173ad50ec3adecec27a7b83c0

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 01:02

Target

2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe
Size

3.2MB
MD5

cfdbd859caec4b8c104891b01774f03d
SHA1

fd8d40a49381802768a97ed1c8878f9bf0081e75
SHA256

49df6def611e513790864671948bf39e64267ed173ad50ec3adecec27a7b83c0
SHA512

59210e7afa802297ceadab2d18047caaa721ada8e1a92b8cd5411d71cf9fc64218e49160ffa28a3c0415c474560d08c11dc2d2886cca0a24d1e6a23689de6fef
SSDEEP

49152:ZIxI3RRvdrb/T0vO90dL3BmAFd4A64nsfJ/1jrnigvQwzq8lcMD19d41wifjdMWi:j3bjrmw2Id0FM2PcdN

Score

10^/10

Family

cobaltstrike

http://84.247.155.115:80/bU2t

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe"
1⤵
PID:1468

memory/1468-0-0x00000169B88B0000-0x00000169B88B1000-memory.dmp

Filesize
4KB

Download