cobaltstrike | b64b522a9b754bca2d34348c9d9672b6f72f0d42331dd04fd58af5b57ab70c24 | Triage

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:23

Sharing

Report Analysis Logs

General

Target

b64b522a9b754bca2d34348c9d9672b6f72f0d42331dd04fd58af5b57ab70c24.exe
Size

19KB
MD5

208b8cd5653007e6c60d90318f87417b
SHA1

e495c9a44973dfb46721cd14a6adb1b50a16f983
SHA256

b64b522a9b754bca2d34348c9d9672b6f72f0d42331dd04fd58af5b57ab70c24
SHA512

6cd1a12d8921c86a51b3d7427ccbaaca35913b7d08048496bca6b1ee86f5c2f072d55d557ee36b42ea224447f798aa227491e45d143357706157bac52d463f23
SSDEEP

192:PV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2wnvWF8qa1Dojjgi:JqaCF31cix+Dc4zj7OFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.136.130:1234/4rpG

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b64b522a9b754bca2d34348c9d9672b6f72f0d42331dd04fd58af5b57ab70c24.exe
"C:\Users\Admin\AppData\Local\Temp\b64b522a9b754bca2d34348c9d9672b6f72f0d42331dd04fd58af5b57ab70c24.exe"
1⤵
PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1548-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download