cobaltstrike | 0771cea784eba4451048fc2dcc832853c8a39a0450644f33d28ea008e0bde693 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 22:24

Sharing

Report Analysis Logs

General

Target

0771cea784eba4451048fc2dcc832853c8a39a0450644f33d28ea008e0bde693.exe
Size

553KB
MD5

b54ffc49c57dd1f093f269fe04dadff9
SHA1

ff626d7e3e7509a0413f534cb520dd9312a43bb3
SHA256

0771cea784eba4451048fc2dcc832853c8a39a0450644f33d28ea008e0bde693
SHA512

ca0c979c9c53a5355d4ae993e3c58921c9213955bdc317b69c00a7e02fb3126884c6062386175ee7122a2651d51b7359c7d49009cdd9bbae1d766c7f698d5237
SSDEEP

12288:pgrtnPdl5rfdTt4Wyl5a0BP0d1DTvYF67ooL:pklrryl5aPnDTvYF67ooL

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://106.52.65.141:1234/y99r

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.1) Java/1.5.0_08

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\0771cea784eba4451048fc2dcc832853c8a39a0450644f33d28ea008e0bde693.exe
"C:\Users\Admin\AppData\Local\Temp\0771cea784eba4451048fc2dcc832853c8a39a0450644f33d28ea008e0bde693.exe"
1⤵
PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1328-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1328-1-0x000000013FD10000-0x000000013FD97000-memory.dmp

Filesize
540KB

Download
memory/1328-2-0x000000013FD10000-0x000000013FD97000-memory.dmp

Filesize
540KB

Download