cobaltstrike | dabfbcaac6801fba0bd5f7b8f50f02dd04e305e6855c2724c5f527a4a4ec1aff

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 14:55

Target

dabfbcaac6801fba0bd5f7b8f50f02dd04e305e6855c2724c5f527a4a4ec1aff.exe
Size

19KB
MD5

cc91df1f73ab760e2ded2dfe6945b7e9
SHA1

5f74e0a7246691f562b000f9c139f73d62774a26
SHA256

dabfbcaac6801fba0bd5f7b8f50f02dd04e305e6855c2724c5f527a4a4ec1aff
SHA512

6b057e69c2b8c3d24b42d0c9e57f9538419a890194b560f0c93328364180a35352e6cc908ec5e6c4a398d962308ecfcf7a8fe407da1bac470db9f25a122e6f4f
SSDEEP

192:bV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2HrXqWF8qa1Dojjgi:1qaCF31cix+Dc4zjMXzFF46gi

Score

10^/10

Family

cobaltstrike

http://47.113.96.6:4444/uv1A

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\dabfbcaac6801fba0bd5f7b8f50f02dd04e305e6855c2724c5f527a4a4ec1aff.exe
"C:\Users\Admin\AppData\Local\Temp\dabfbcaac6801fba0bd5f7b8f50f02dd04e305e6855c2724c5f527a4a4ec1aff.exe"
1⤵
PID:2520

memory/2520-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2520-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download