cobaltstrike | 70401fe3a501913baaa52a8b6114fde1ff10c9c6c72e26bf6de9eb88dc330662 | Triage

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 06:15

Sharing

Report Analysis Logs

General

Target

70401fe3a501913baaa52a8b6114fde1ff10c9c6c72e26bf6de9eb88dc330662.exe
Size

19KB
MD5

81ed123032162bd7c47bbdfeb62576c5
SHA1

5844d62249f3f0c205cd83f7eee8d0ab6b2e49d1
SHA256

70401fe3a501913baaa52a8b6114fde1ff10c9c6c72e26bf6de9eb88dc330662
SHA512

604e927cac29cde7c51cc12cbb002e562f3e0be22b6fa6dcf931a03f9a3e0b540c3f1b473174444bed8bb390b19e2a00983970e9766ff4e1d6a5ac39ba2e7c81
SSDEEP

192:bV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2vryceyYWF8qa1Dojjgi:1qaCF31cix+Dc4zjIy7ytFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://8.136.114.146:6666/n2Ql

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\70401fe3a501913baaa52a8b6114fde1ff10c9c6c72e26bf6de9eb88dc330662.exe
"C:\Users\Admin\AppData\Local\Temp\70401fe3a501913baaa52a8b6114fde1ff10c9c6c72e26bf6de9eb88dc330662.exe"
1⤵
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2408-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download