cobaltstrike | a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e | Triage

Submit
Reports

Overview

overview

Static

static

3

a3bb1a41d9...5e.exe

windows7-x64

a3bb1a41d9...5e.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 18:09

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e.exe
Size

19KB
MD5

00605bc2c3ba299ff5baac209b87769e
SHA1

da65cd18ee88dfb1d53a3555593ae405d4662456
SHA256

a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e
SHA512

00638d0372250b6bff9e83b37cd5714d1b22b4d78ac2cfdddb08e758991ee2d098f3913a83076004ced72dd0d7363146c1871e392ce1bd4464654deaa0627bdb
SSDEEP

192:5V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2FrzvC7WF8qa1Dojjgi:bqaCF31cix+Dc4zjKzqCFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.6.61:80/SNbZ

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e.exe
"C:\Users\Admin\AppData\Local\Temp\a3bb1a41d9514cb4bad2e6563e59d5ff737751b80035158013f05c09cb72675e.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4532-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4532-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

© 2018-2024

Terms | Privacy