cobaltstrike | 16d8d8017e290f34da6431801bccc525d65a1996dc7b82231daf049b02b8faa8

Analysis

max time kernel
131s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 20:39

Target

16d8d8017e290f34da6431801bccc525d65a1996dc7b82231daf049b02b8faa8.exe
Size

110KB
MD5

b606154b57629404ab73e61f96c1cb35
SHA1

193e71806b000b50edd8977a980d042ab14bf61e
SHA256

16d8d8017e290f34da6431801bccc525d65a1996dc7b82231daf049b02b8faa8
SHA512

d2932c97418362fd04eef31419d88bb3f31d501410d82204819d8416b20798c51e00004618de33a6655828c4bec6c53cf4b2f7c3ffbaac1a24cc1ff2dd430435
SSDEEP

3072:X0ZQ/bOhbxztku0X/XX2bPZ587bbOPIPr4xM:kq/bOhZqpX/X57h8C

Score

10^/10

Family

cobaltstrike

http://172.26.218.210:11111/YAkX

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\16d8d8017e290f34da6431801bccc525d65a1996dc7b82231daf049b02b8faa8.exe
"C:\Users\Admin\AppData\Local\Temp\16d8d8017e290f34da6431801bccc525d65a1996dc7b82231daf049b02b8faa8.exe"
1⤵
PID:2696

memory/2696-1-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2696-0-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download