cobaltstrike | 6e0da8a9b6553b0b0c925aacd0f9d9ca9ac6ada4cdda1372c716e2d86d855cc9 | Triage

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 07:49

Sharing

Report Analysis Logs

General

Target

6e0da8a9b6553b0b0c925aacd0f9d9ca9ac6ada4cdda1372c716e2d86d855cc9.exe
Size

19KB
MD5

60b1317e58ddf86ef6f9866de5c86eb5
SHA1

4894a7828139f4fa14d6494a44cd714ff3bb3e64
SHA256

6e0da8a9b6553b0b0c925aacd0f9d9ca9ac6ada4cdda1372c716e2d86d855cc9
SHA512

f563be3f77555e1c74a55c5a9b583bfb9708ed096581fecd0a585960c04b872cd26631521d5d0094b0ae6133516438404e79305cae4013bc5cbd749f18a9f893
SSDEEP

192:cV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2EsjVWF8qa1Dojjgi:+qaCF31cix+Dc4zj6YFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.31.200:80/Xy9S

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6e0da8a9b6553b0b0c925aacd0f9d9ca9ac6ada4cdda1372c716e2d86d855cc9.exe
"C:\Users\Admin\AppData\Local\Temp\6e0da8a9b6553b0b0c925aacd0f9d9ca9ac6ada4cdda1372c716e2d86d855cc9.exe"
1⤵
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2064-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2064-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download