cobaltstrike | e5aea542ee91767b72924b3379cf0af3da6a8168686eab1621350b96bfadb0de

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 02:07

Target

e5aea542ee91767b72924b3379cf0af3da6a8168686eab1621350b96bfadb0de.exe
Size

18KB
MD5

5b414e7955f648917cbafec6fb738482
SHA1

cbb8a3208e5fb83610ac75b671cd629c6e3481fc
SHA256

e5aea542ee91767b72924b3379cf0af3da6a8168686eab1621350b96bfadb0de
SHA512

ff9d6dc05fdecb54b661a2c70853c9e8faee9009394803cbfbf642fb971e2c1c5356b864ffe75ec570cd95147207106248f493fc7d6c163d90b6ef5b69e428ed
SSDEEP

192:10X9M+VvDVyaLjIy/hZFLKHGGfet4YX2IpqqDF7FR1DMjjhh:8HVJyawy/h7KWXRvDZh+hh

Score

10^/10

Family

cobaltstrike

http://43.138.234.160:8088/center/user_sid

Attributes

user_agent
Accept: */* Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4472.114 Safari/537.36

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\e5aea542ee91767b72924b3379cf0af3da6a8168686eab1621350b96bfadb0de.exe
"C:\Users\Admin\AppData\Local\Temp\e5aea542ee91767b72924b3379cf0af3da6a8168686eab1621350b96bfadb0de.exe"
1⤵
PID:3980

memory/3980-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3980-1-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download