cobaltstrike | 34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

34e30b18fd...ma.exe

windows7-x64

7

34e30b18fd...ma.exe

windows10-2004-x64

Sharing

General

Target

34e30b18fd.exe_spiggma.exe
Size

6.0MB
Sample

240925-qcxflaxaln
MD5

e59cea939446d6c203b80eb6487d0705
SHA1

c912d930360ffd2bf5ff8d79834474be94d91849
SHA256

34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969
SHA512

74dbdc05d267bdb8bcb4088d691eae0cc66f508e4f3bdd5b6b43a26e1f435f1a2a571a3f974f2332c615e342b179de6c379807580ab0fe448b8d907a58fb7c07
SSDEEP

98304:gl6sdECBCgVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAx5rlcgVeRWHtw9ust:gl3/CguWJysVYvsO5oyMxxvjDDAx5rl2

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

34e30b18fd.exe_spiggma.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

30 seconds

Behavioral task

behavioral2

Sample

34e30b18fd.exe_spiggma.exe

Resource

win10v2004-20240802-en

cobaltstrike backdoor trojan

windows10-2004-x64

4 signatures

30 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://209.146.125.199:8889/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  34e30b18fd.exe_spiggma.exe
- Size
  
  6.0MB
- MD5
  
  e59cea939446d6c203b80eb6487d0705
- SHA1
  
  c912d930360ffd2bf5ff8d79834474be94d91849
- SHA256
  
  34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969
- SHA512
  
  74dbdc05d267bdb8bcb4088d691eae0cc66f508e4f3bdd5b6b43a26e1f435f1a2a571a3f974f2332c615e342b179de6c379807580ab0fe448b8d907a58fb7c07
- SSDEEP
  
  98304:gl6sdECBCgVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAx5rlcgVeRWHtw9ust:gl3/CguWJysVYvsO5oyMxxvjDDAx5rl2
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.