cobaltstrike | 1005f95a8e062e4cf5ecf9ad391beb122a7eb25cb2e9e6a3725c1dde45bed258

Analysis

max time kernel
133s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 06:32

Target

1005f95a8e062e4cf5ecf9ad391beb122a7eb25cb2e9e6a3725c1dde45bed258.exe
Size

424KB
MD5

06418915e9aac904884505f24858be48
SHA1

8947523cd021e592c4ef40a8522f38ec6bcc1391
SHA256

1005f95a8e062e4cf5ecf9ad391beb122a7eb25cb2e9e6a3725c1dde45bed258
SHA512

9f46699dac2f5ae4f9e47314e11de9d8449e8049017cdc63b3b83d49ad9c2a536310474da367f1d5450889197028ee4207918d2cf4ff4edc9610504504e38a35
SSDEEP

6144:3vgpVVSZ/xe9fT+Z5H5luviXhj1/3rOwcjSVgfO+fQhT/n:3vgrVSZFH5EviXhj7OfO+fqn

Score

10^/10

Family

cobaltstrike

http://20.168.34.229:39005/XhQL

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\1005f95a8e062e4cf5ecf9ad391beb122a7eb25cb2e9e6a3725c1dde45bed258.exe
"C:\Users\Admin\AppData\Local\Temp\1005f95a8e062e4cf5ecf9ad391beb122a7eb25cb2e9e6a3725c1dde45bed258.exe"
1⤵
PID:2288

memory/2288-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download