cobaltstrike | 3a5bac511ff0a1131c8b6a410aa6ed7c0f8e8a5a33314e03bcf95a949241b64c

Analysis

max time kernel
110s
max time network
116s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-09-2024 16:52

Target

Trojan.Win64.Bulz.SPVV.exe
Size

17KB
MD5

f5f683b8a71d2688b375d318680b8680
SHA1

e214d620fec14cc8e6ee5236b677fdf5bf1358b0
SHA256

3a5bac511ff0a1131c8b6a410aa6ed7c0f8e8a5a33314e03bcf95a949241b64c
SHA512

077e542c7a32168946befc181c9790cd4c03802fb3e4f0072343d05c77cbd545d29253185b0132c6f3a6417cf790c014ce50a0dd6b53f87f428a7a23b233f333
SSDEEP

192:rDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4yABUbOj6kxiY:rDMAoKz6WtKEj7aBDiLAbAY

Score

10^/10

Family

cobaltstrike

http://81.70.22.105:10005/AUfa

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\Trojan.Win64.Bulz.SPVV.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.Win64.Bulz.SPVV.exe"
1⤵
PID:2652

memory/2652-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2652-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download