cobaltstrike | 449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29 | Triage

Submit
Reports

Overview

overview

Static

static

3

449fff96e9...29.exe

windows7-x64

449fff96e9...29.exe

windows10-2004-x64

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 23:03

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29.exe

Resource

win7-20241023-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29.exe
Size

14KB
MD5

18d83d767482f9a00ea1d1fc77967ba4
SHA1

7b962ad1120adcf90bdeaf5c8ab2644600ff8df3
SHA256

449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29
SHA512

64ba65a4d30cbc3c2c1daa01c4d0dad09319a2d97735ecd3ae37fdec13a41af78f9fa6732b826e4853f2ce7c44a822708e96c40bf406f31f3f31d312baa279e7
SSDEEP

192:dLPKlRraArD/u7CEBb8y8dQ9AuQUznURM74N:IRrLu7CE+HdQ3QUTU0c

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://45.77.23.174:5555/aDdT

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29.exe
"C:\Users\Admin\AppData\Local\Temp\449fff96e93d358f838c133a3ca4506c7660ac078e5af24e1c94b813bbd5fc29.exe"
1⤵
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1760-0-0x00007FF989863000-0x00007FF989865000-memory.dmp

Filesize
8KB

Download
memory/1760-1-0x0000000000130000-0x0000000000138000-memory.dmp

Filesize
32KB

Download
memory/1760-2-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1760-3-0x00007FF989860000-0x00007FF98A321000-memory.dmp

Filesize
10.8MB

Download
memory/1760-4-0x00007FF989860000-0x00007FF98A321000-memory.dmp

Filesize
10.8MB

Download

© 2018-2024

Terms | Privacy