cobaltstrike | 4fcf77edd8f8689166246cff3d7d471fc2bf14aacdf8ec6894b90e76d5757c79

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 10:27

Target

202409166cbb5b220b4f9875057d913f623d53c5cobaltstrikemegazord.exe
Size

7.1MB
MD5

6cbb5b220b4f9875057d913f623d53c5
SHA1

41e3cf726b9776965f53dc93ec1112289e45390b
SHA256

4fcf77edd8f8689166246cff3d7d471fc2bf14aacdf8ec6894b90e76d5757c79
SHA512

132fe341cb20cbf7b5afdeda629295d4a7d73d6ec7e7038c98144c14b5704db4ebe12b8ce7a7fd92f48b1e3601254968827b6501dd33dd7e35c20ae22025d3ad
SSDEEP

49152:9Gnu8fNpguSmmBTsrD0V2pv2Gt03gmsOB5hZTBtwK7etuR0t6qti7RTWjXapmomi:sim03gSI9U1AHOq4pkTVlYAI

Score

10^/10

Family

cobaltstrike

http://150.158.38.230:443/api/v2/getinfo

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) Host: updatetime.msn.cn

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\202409166cbb5b220b4f9875057d913f623d53c5cobaltstrikemegazord.exe
"C:\Users\Admin\AppData\Local\Temp\202409166cbb5b220b4f9875057d913f623d53c5cobaltstrikemegazord.exe"
1⤵
PID:3352

memory/3352-1-0x000001B342310000-0x000001B342311000-memory.dmp

Filesize
4KB

Download
memory/3352-0-0x000001B3421B0000-0x000001B3421B4000-memory.dmp

Filesize
16KB

Download