cobaltstrike | 6d6851169cecdff195568b1d34a3fe778e617e480bf57e7625dbf506f60f0aeb | Triage

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 15:52

Sharing

Report Analysis Logs

General

Target

6d6851169cecdff195568b1d34a3fe778e617e480bf57e7625dbf506f60f0aeb.exe
Size

19KB
MD5

4a6c23587f862589dd6d1761efb18844
SHA1

ab594b736f529d84cfad5283776f5e9c695920c8
SHA256

6d6851169cecdff195568b1d34a3fe778e617e480bf57e7625dbf506f60f0aeb
SHA512

81b3756388b9cc6454b5f91cd9ddb3d8d7d5bbbbfd637ae004fc197ea61a649e2d9b5775cd7ccdf9db4eaa853627f2483745b49b049638c34e2376882101fdc1
SSDEEP

192:+V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2n/JXc6WF8qa1Dojjgi:IqaCF31cix+Dc4zjoJXOFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.1.47:8080/rBx1

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6d6851169cecdff195568b1d34a3fe778e617e480bf57e7625dbf506f60f0aeb.exe
"C:\Users\Admin\AppData\Local\Temp\6d6851169cecdff195568b1d34a3fe778e617e480bf57e7625dbf506f60f0aeb.exe"
1⤵
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1668-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download