cobaltstrike | 6ed27a30c873da9bc48ecaf5dc4cc8e9dc32818c9badaed674ccbb3476c806d9

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 10:52

Target

6ed27a30c873da9bc48ecaf5dc4cc8e9dc32818c9badaed674ccbb3476c806d9.exe
Size

19KB
MD5

8bad5fe3ac7e1eac372a3262b6711fb2
SHA1

28cd1f20d23a3e5f39c4e37c19cd00de7e7847e9
SHA256

6ed27a30c873da9bc48ecaf5dc4cc8e9dc32818c9badaed674ccbb3476c806d9
SHA512

ffa77deb408264bedd2df53f12c432ff6da5c60eb591853674a498d7a5498088994f87294d4c946fe1484b26280e864e9df38c17db5220ee091f2af824d7866c
SSDEEP

192:g+V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/28C0OdGyzpWF8qa1Dojjgi:vqaCF31cix+Dc4zjz8z0FF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.73.130:1235/3tlJ

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6ed27a30c873da9bc48ecaf5dc4cc8e9dc32818c9badaed674ccbb3476c806d9.exe
"C:\Users\Admin\AppData\Local\Temp\6ed27a30c873da9bc48ecaf5dc4cc8e9dc32818c9badaed674ccbb3476c806d9.exe"
1⤵
PID:2160

memory/2160-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2160-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download