cobaltstrike | 6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e | Triage

Submit
Reports

Overview

overview

Static

static

3

6e32b51694...7e.exe

windows7-x64

6e32b51694...7e.exe

windows10-2004-x64

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:48

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e.exe
Size

19KB
MD5

3b125603c1dd489a3fd51fd2b42f5713
SHA1

544094f03a6c4bc92001545cd8930f7c261af9dc
SHA256

6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e
SHA512

6d6168b569fae4f7b704ca6fd2a3b60fe9ac324beeea72d7826beaa0977ea862623768c7482e7a5f3b8677693b15828dca72a5ad5e295fa3f67facaed78f7858
SSDEEP

192:4V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/22REWF8qa1Dojjgi:qqaCF31cix+Dc4zjzvFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.31.200:443/BTbe

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e.exe
"C:\Users\Admin\AppData\Local\Temp\6e32b516944eed2cfc59a9e85d03d9537c8221daf3ebd3756788660541e6327e.exe"
1⤵
PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/324-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

© 2018-2024

Terms | Privacy