cobaltstrike | 16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 21:13

Target

16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385.exe
Size

1.5MB
MD5

1b40dfbf145b17af8e5b9c32bcfb1ced
SHA1

2a5625805202ce20b08082650a832c5387b06a5b
SHA256

16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385
SHA512

257f8c4d3469c2d9b6e8aaf69b6224d05b4e5a99acc9776905824940b895ab44621ec764e5912279192398dcdfe6a7c59ccd6b5512740a6e0f5d184603f412f2
SSDEEP

24576:9hOrAH5Z2GGx9oPNqHs6UkM1ShTYgtrKL0vHM/b1v:9hGGU9cNqOCYgtrsGHM/b1

Score

10^/10

Family

cobaltstrike

http://192.168.153.132:8089/WWMb

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385.exe
"C:\Users\Admin\AppData\Local\Temp\16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385.exe"
1⤵
PID:3728

memory/3728-0-0x000001F4748A0000-0x000001F4748A1000-memory.dmp

Filesize
4KB

Download
memory/3728-1-0x000001F4748A0000-0x000001F4748A1000-memory.dmp

Filesize
4KB

Download