cobaltstrike | 3b6b53bf9597665996b094e24517a139c277b638f605f10a7b9cef47dbba2083

Analysis

max time kernel
150s
max time network
139s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 19:28

Target

3b6b53bf9597665996b094e24517a139c277b638f605f10a7b9cef47dbba2083.exe
Size

110KB
MD5

1dd3b81bd5d584a552c9bffa3aae38e8
SHA1

d7c7d83e1793174e8c1a5e7d61945f9d3b9f54b6
SHA256

3b6b53bf9597665996b094e24517a139c277b638f605f10a7b9cef47dbba2083
SHA512

f4599e3b2b919a059098635f242a46a127d2ae44eb86114d833765e962a1b7b6a1b7340d6c41961f5319b2469c02d6af126911094da5cf5177f8f642f2d90c95
SSDEEP

1536:EgSR5vFNoPoYsKwTu2DsQbdOlSausE4yg/MKrfcsqc3gsWvdD9dlfLvuDa:FSR5v9lL3bdsvusEtg/9rfBqWUbtvWa

Score

10^/10

Family

cobaltstrike

http://172.26.218.210:11111/YAkX

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\3b6b53bf9597665996b094e24517a139c277b638f605f10a7b9cef47dbba2083.exe
"C:\Users\Admin\AppData\Local\Temp\3b6b53bf9597665996b094e24517a139c277b638f605f10a7b9cef47dbba2083.exe"
1⤵
PID:3052

memory/3052-2-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/3052-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download