cobaltstrike | 0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487 | Triage

Submit
Reports

Overview

overview

Static

static

0cf6d6ed2f...87.exe

windows7-x64

0cf6d6ed2f...87.exe

windows10-2004-x64

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 05:37

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe

Resource

win7-20241010-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe
Size

635KB
MD5

0fbef8ad36b431703a43257bbbb44150
SHA1

b3c0ece48011b68f857884f93173ea32861bbaac
SHA256

0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487
SHA512

5630c11a931177748c59994a9aa40a9f227d70231fe59e96e00be0eeec443298da6d248f5bfec58087a53e564761e32b0b86cb4ab2a94a69be2ecb3136b529f7
SSDEEP

6144:ory6hE6iIN51UbBBuJVPT7BcHlFOJ3quOTBcYMezRGSUkPgD:ZaE7wTU0PT7BcHO3qu8TMMID

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.241.130:9999/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe
"C:\Users\Admin\AppData\Local\Temp\0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe"
1⤵
PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download

© 2018-2024

Terms | Privacy