cobaltstrike | c87e6ae52b1d5df1ae1a4439016cc64abaf464ad7e66fb8fa1f319423718c545 | Triage

Submit
Reports

Overview

overview

Static

static

3

artifact.exe

windows7-x64

artifact.exe

windows10-2004-x64

Analysis

max time kernel
94s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 03:18

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

artifact.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

artifact.exe

Resource

win10v2004-20240802-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

artifact.exe
Size

19KB
MD5

29ab61ea2cf18f15b95fcf953e78290d
SHA1

225e899cf0634122d2fd543761ff44d3994d9326
SHA256

c87e6ae52b1d5df1ae1a4439016cc64abaf464ad7e66fb8fa1f319423718c545
SHA512

7d2407150250971cc49d94182c377c298220ab862b8227f423e7373ab6e5351b83d298e4d13fb55e80427d8271667d2125a49518ab62232dca8232b5553669cc
SSDEEP

192:fV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2VDK9eWF8qa1Dojjgiw:ZqaCF31cix+Dc4zjBFF46giw

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://156.238.240.131:80/NNIx

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\artifact.exe
"C:\Users\Admin\AppData\Local\Temp\artifact.exe"
1⤵
PID:3420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3420-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3420-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

© 2018-2025

Terms | Privacy