cobaltstrike | 70aa37016a84155f0d63e354e7473ee8ef17b6d886689c6a4471287b8b2c4565 | Triage

Analysis

max time kernel
143s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17/11/2024, 12:57

Sharing

Report Analysis Logs

General

Target

70aa37016a84155f0d63e354e7473ee8ef17b6d886689c6a4471287b8b2c4565.exe
Size

19KB
MD5

2d14f3754f18b9ff296e5e4e6a55dedc
SHA1

1f1a25ebcf604c0d282e2c999017103ac2052ded
SHA256

70aa37016a84155f0d63e354e7473ee8ef17b6d886689c6a4471287b8b2c4565
SHA512

571cde11867b7e777045808604fbe54139fd7b749210dbf434b6bea5152b5c6e4bb6f1a30d3d003cde2cd51df23320d6abce5c9d71fb097db63a48b9d7115761
SSDEEP

192:DV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2Bhr+wJ1WF8qa1Dojjgi:tqaCF31cix+Dc4zjIhr+XFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.120.47.63:58008/MiDc

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\70aa37016a84155f0d63e354e7473ee8ef17b6d886689c6a4471287b8b2c4565.exe
"C:\Users\Admin\AppData\Local\Temp\70aa37016a84155f0d63e354e7473ee8ef17b6d886689c6a4471287b8b2c4565.exe"
1⤵
PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1104-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download