cobaltstrike | 210ca78466d94fb68c838ad85247f6a838c61b312f62d842f57523d90b17c7f7

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 09:39

Target

210ca78466d94fb68c838ad85247f6a838c61b312f62d842f57523d90b17c7f7.exe
Size

19KB
MD5

7f399d71147e93f96d60d103fc5827f2
SHA1

9171ee6be5fbe16c1fa25aab570010c15971129f
SHA256

210ca78466d94fb68c838ad85247f6a838c61b312f62d842f57523d90b17c7f7
SHA512

a539447d5a2aedda14cee71ad7326020dd0d0b18585ee13612af392137da59539cb82388c02aadc24a25d04e19fcc804d0258550157282f6075c2f8f27736c4c
SSDEEP

192:NV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2b+fsQWF8qa1Dojjgi:/qaCF31cix+Dc4zjlkFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.242.131:80/1iOt

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\210ca78466d94fb68c838ad85247f6a838c61b312f62d842f57523d90b17c7f7.exe
"C:\Users\Admin\AppData\Local\Temp\210ca78466d94fb68c838ad85247f6a838c61b312f62d842f57523d90b17c7f7.exe"
1⤵
PID:2628

memory/2628-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2628-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download