cobaltstrike | b87a1e6329c3cc7da3688493e291bc6e3b58a5f3185dbcb14af73f1c77aab981

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 16:39

Target

b87a1e6329c3cc7da3688493e291bc6e3b58a5f3185dbcb14af73f1c77aab981.exe
Size

19KB
MD5

244dd20c5329fafc147a19536b8ae0d9
SHA1

f624a72cebc86b8a0a18f0bfe48b03da9da750eb
SHA256

b87a1e6329c3cc7da3688493e291bc6e3b58a5f3185dbcb14af73f1c77aab981
SHA512

9c06d32c75bba25e5a1d08225b379b9ab619d434a80977d30184f9e1fb525ed0f306fe823324910fe4ffb6666ca1e5941658277c8bd6d206751b3390aa634ba9
SSDEEP

192:CV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2wxoeQWF8qa1Dojjgi:MqaCF31cix+Dc4zjB1FF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.85.147:80/q2tF

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b87a1e6329c3cc7da3688493e291bc6e3b58a5f3185dbcb14af73f1c77aab981.exe
"C:\Users\Admin\AppData\Local\Temp\b87a1e6329c3cc7da3688493e291bc6e3b58a5f3185dbcb14af73f1c77aab981.exe"
1⤵
PID:2308

memory/2308-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2308-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download