cobaltstrike | 40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

40ccbe4d4a...b6.exe

windows7-x64

7

40ccbe4d4a...b6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6.exe
Size

1.3MB
Sample

240822-gelmfavbkq
MD5

fd30f3a2dd525c009bc289aa6adf3566
SHA1

1d85109920e8d56f1b84096eba24b860f25e7edb
SHA256

40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6
SHA512

ebb6792c816746d5af63382909432366cdf7ff86cab8231e85caf8f3819caf20446736af0c8839f8bdebe3eea2987e716198a1b7e3af94ff53b89400893437f6
SSDEEP

24576:0Hyi0YRzZgx/jtTObFtURiRQkzRQD9ZkdxTu5iZpUHLQfRRN:HIIhTObMbIItry

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6.exe

Resource

win10v2004-20240802-en

cobaltstrike backdoor trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://49.233.48.44:443/Rpc

Attributes

user_agent
Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

- Target
  
  40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6.exe
- Size
  
  1.3MB
- MD5
  
  fd30f3a2dd525c009bc289aa6adf3566
- SHA1
  
  1d85109920e8d56f1b84096eba24b860f25e7edb
- SHA256
  
  40ccbe4d4a5bf8bed3b1fdbf586162ac7046fad1a68400539d9a6f827b1357b6
- SHA512
  
  ebb6792c816746d5af63382909432366cdf7ff86cab8231e85caf8f3819caf20446736af0c8839f8bdebe3eea2987e716198a1b7e3af94ff53b89400893437f6
- SSDEEP
  
  24576:0Hyi0YRzZgx/jtTObFtURiRQkzRQD9ZkdxTu5iZpUHLQfRRN:HIIhTObMbIItry
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

© 2018-2025

Terms | Privacy