cobaltstrike | 1e8caadce9f7e7f063e6e0938f1526cc083ba42b0d70ad46b7d11febe74d6d40 | Triage

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:03

Sharing

Report Analysis Logs

General

Target

1e8caadce9f7e7f063e6e0938f1526cc083ba42b0d70ad46b7d11febe74d6d40.exe
Size

19KB
MD5

24c5f80704048aea2871b3ed80cbf482
SHA1

a361acc3db14d326b0edb518bd820f7e5dc8928a
SHA256

1e8caadce9f7e7f063e6e0938f1526cc083ba42b0d70ad46b7d11febe74d6d40
SHA512

f9e934c9c6ed6b75c6ef4e6d187ffe02d7aca57225b1497156dcb45061bb4bb00ff169e5462fd1fc253a23fa98bb3c544ac38c0dcbd5d610e3e6a7de5ca7d957
SSDEEP

192:b+V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2WymoaUsxUIv5WF8qa1Dojjgi:bIqaCF31cix+Dc4zjtHoa1e8kFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://172.20.10.5:81/Nrk2

Attributes

user_agent
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\1e8caadce9f7e7f063e6e0938f1526cc083ba42b0d70ad46b7d11febe74d6d40.exe
"C:\Users\Admin\AppData\Local\Temp\1e8caadce9f7e7f063e6e0938f1526cc083ba42b0d70ad46b7d11febe74d6d40.exe"
1⤵
PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2072-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2072-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download