cobaltstrike | 8f88dccdce150b03d8cf97df7819ede790b0b787ff4929335c5ba478e23e3a6e

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 17:56

Target

8f88dccdce150b03d8cf97df7819ede790b0b787ff4929335c5ba478e23e3a6e.exe
Size

17KB
MD5

4c0deb28ba6ff90d8dcd8113b494442b
SHA1

372bbc94c30a32fbf71c0d8749bcaf435dc469c3
SHA256

8f88dccdce150b03d8cf97df7819ede790b0b787ff4929335c5ba478e23e3a6e
SHA512

5a142c8d987445b339f4d13b94d20b5c27daa927e70ab2cb3bdecf214619ad28c115ee0df61dfed447541f88fb302846c270a17261275d80d2c24ed01d42dc92
SSDEEP

192:dDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4BZXHth/oBUbOj6kxiY:dDMAoKz6WtKEj7aBDieZngbAY

Score

10^/10

Family

cobaltstrike

http://47.100.180.123:3005/BflI

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\8f88dccdce150b03d8cf97df7819ede790b0b787ff4929335c5ba478e23e3a6e.exe
"C:\Users\Admin\AppData\Local\Temp\8f88dccdce150b03d8cf97df7819ede790b0b787ff4929335c5ba478e23e3a6e.exe"
1⤵
PID:1668

memory/1668-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1668-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download