cobaltstrike | af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201 | Triage

Submit
Reports

Overview

overview

Static

static

3

af02fed6df...01.exe

windows7-x64

af02fed6df...01.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 12:02

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201.exe

Resource

win7-20241010-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201.exe
Size

12KB
MD5

d844435ab833457b07f95be243b55d98
SHA1

192e7e0378fc5b3e006c9889acafa38941426960
SHA256

af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201
SHA512

bfddc34983ee1116c9649d23e852035af2ae06053aa27de72700baff22f4a607a96d0d524e966977efb3a4efe4b8fb174a5ffb4034f1b0b12fec032b28ebc0dd
SSDEEP

192:ODlCO6zQ4YqPeymezimortHgbite3Q5tfLrqk0:ODlCPQ4YQpmeumorOSe37k

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://1.94.63.197:9901/QNHv

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201.exe
"C:\Users\Admin\AppData\Local\Temp\af02fed6df2fab1244d2abcaa09d6cbf1f07559dacb059c56d9940c5d2ab1201.exe"
1⤵
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download

© 2018-2024

Terms | Privacy