cobaltstrike | 89a358150a85cbde100bceaefbad054178494c832880d89ff23cca6e66a71442 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 02:11

Sharing

Report Analysis Logs

General

Target

5a50f7d436472f8c906603b01122c943.exe
Size

133KB
MD5

5a50f7d436472f8c906603b01122c943
SHA1

aceedd3f3516f8d445c6432e11cb56679ab2c1be
SHA256

89a358150a85cbde100bceaefbad054178494c832880d89ff23cca6e66a71442
SHA512

0b19e448912fe763a45f67ddfa821b9aff80017cb7800cc9abf1f54369d0385248d2a10bfb57408f53f783336d2c1f07a417b9d1518e7eaf39f6f6ea9229d6f6
SSDEEP

3072:o+TdWkvqPMDnxsqlOuNMHEJmCYUffj+LjM:o0Wu4a3AEg7

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://150.158.38.230:443/De05ceda-acc9-4018-8252-d574e1d1e630.zip

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/532.31 (KHTML, like Gecko) Chrome/118.1.3.5 Safari/517.36 Connection: Keep-Alive Host: updatetime.msn.cn

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\5a50f7d436472f8c906603b01122c943.exe
"C:\Users\Admin\AppData\Local\Temp\5a50f7d436472f8c906603b01122c943.exe"
1⤵
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1096-0-0x00000000000D0000-0x00000000000D2000-memory.dmp

Filesize
8KB

Download