cobaltstrike | 4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11 | Triage

Submit
Reports

Overview

overview

Static

static

3

4068e5aa57...11.exe

windows7-x64

1

4068e5aa57...11.exe

windows10-2004-x64

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 13:27

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11.exe

Resource

win10v2004-20240802-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11.exe
Size

5.4MB
MD5

fcc768409c363040305c23e0cc7696c5
SHA1

0efed5421565c614c20d6dc100e9db5b50ffd75a
SHA256

4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11
SHA512

810f3415875fc0c3759af8d539bb36ca318c6937c2a155aaad53c235f97a3a66192a8f124e919cdf20e2522c14d80efaa7de49fc2bafcda3f7d5544804a2f8e1
SSDEEP

49152:MKhGlMYfcM0+LPhi45Q1kpsh+vn7vx9uWTMj8KxPnY8Ubm5IAy4NwWOkVb8lN/mj:VApi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.211.143:80/iJFd

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11.exe
"C:\Users\Admin\AppData\Local\Temp\4068e5aa577141306228c35c6c9dfda8a325cf93f296df78c4f3a30778bc4e11.exe"
1⤵
PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3688-0-0x00000159D4C20000-0x00000159D4D98000-memory.dmp

Filesize
1.5MB

Download
memory/3688-2-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download
memory/3688-4-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download
memory/3688-5-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download
memory/3688-3-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download
memory/3688-1-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download
memory/3688-6-0x00000159D6820000-0x00000159D6821000-memory.dmp

Filesize
4KB

Download
memory/3688-7-0x00000159D68A0000-0x00000159D6A63000-memory.dmp

Filesize
1.8MB

Download

© 2018-2025

Terms | Privacy