cobaltstrike | 5afac4d8b9c9a34161277a6cc7b74d500ad54ce3ac228cb4ce92199d29401f12

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 09:27

Target

5afac4d8b9c9a34161277a6cc7b74d500ad54ce3ac228cb4ce92199d29401f12.exe
Size

19KB
MD5

efa6261d4e11d6b744303fad0cc66069
SHA1

5fed5339e2393fe85d3dcfb0f152fad263fcc640
SHA256

5afac4d8b9c9a34161277a6cc7b74d500ad54ce3ac228cb4ce92199d29401f12
SHA512

35cc7d8fb59874c58b24ef7a3b8ae798f8b1a22f6c95e67ee768a5f0ac2e366512ccc694ca3a63f145bad3b43385d1e740af83760a6224ccb86e268ede096011
SSDEEP

192:iV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2NRVEOxRWF8qa1Dojjgi:sqaCF31cix+Dc4zjC6OiFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.100.1:80/f6Tm

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\5afac4d8b9c9a34161277a6cc7b74d500ad54ce3ac228cb4ce92199d29401f12.exe
"C:\Users\Admin\AppData\Local\Temp\5afac4d8b9c9a34161277a6cc7b74d500ad54ce3ac228cb4ce92199d29401f12.exe"
1⤵
PID:2532

memory/2532-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2532-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download