cobaltstrike | b86e58b7b7733b34252fbeb3639ff499b9db7fbffb7af9d12fc0306b853f009e | Triage

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 07:00

Sharing

Report Analysis Logs

General

Target

b86e58b7b7733b34252fbeb3639ff499b9db7fbffb7af9d12fc0306b853f009e.exe
Size

19KB
MD5

31fe44689a5748ab185c1d049615d2bc
SHA1

de17ccaa35e2851e9eb8efa345aa7dd6da5fe0a2
SHA256

b86e58b7b7733b34252fbeb3639ff499b9db7fbffb7af9d12fc0306b853f009e
SHA512

8480ca303094e5b046343a5b8247c50f17d6c969d27bdcbfef2a4f2555f25df213769a85c181da15ddb2e6a885cfc185ce144b5f982f4395a9274738f1561e21
SSDEEP

192:AV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2MpRqDeWF8qa1Dojjgi:iqaCF31cix+Dc4zjJRqDfFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.113.120.25:8848/inCC

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b86e58b7b7733b34252fbeb3639ff499b9db7fbffb7af9d12fc0306b853f009e.exe
"C:\Users\Admin\AppData\Local\Temp\b86e58b7b7733b34252fbeb3639ff499b9db7fbffb7af9d12fc0306b853f009e.exe"
1⤵
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download