cobaltstrike | 2210845f0274e605766418df2a9f81c15d8e1f383e445a5b01a385fbfecc9fa3 | Triage

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 22:58

Sharing

Report Analysis Logs

General

Target

a.exe
Size

19KB
MD5

06acac40f95b938cc52dd263fd39f631
SHA1

48143e0e7c6909471c855cc73331817aa4550adf
SHA256

2210845f0274e605766418df2a9f81c15d8e1f383e445a5b01a385fbfecc9fa3
SHA512

52588d483235c741beb2c4fb9414e0a5ee4b21e05e63e5e9b55ef78942c55be383fb800381a14f010084b7a999ee685700ec2d36f93df2e336915f27290e6c64
SSDEEP

192:EV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/20OdNYqMgWF8qa1Dojjgi:2qaCF31cix+Dc4zjeNkFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://106.15.67.102:80/YJCw

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\a.exe
"C:\Users\Admin\AppData\Local\Temp\a.exe"
1⤵
PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2544-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download