cobaltstrike | ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01 | Triage

Analysis

max time kernel
131s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 11:19

Sharing

Report Analysis Logs

General

Target

ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe
Size

635KB
MD5

98d579e1239477105f72783e32e4409b
SHA1

089302c664e779c866b43dcb0cc42f7c312c5312
SHA256

ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01
SHA512

0f453944c57cdca0fcc4e44fc2e45c277b032716ff4daa71fea775b99d9c5e740d1383e33a48c0e030515e5c2ed331d59b19d8a13abc9d1e236b22ca3a1a2d04
SSDEEP

6144:ory6hE6iIN51UbBBuJVPT7BcHlFOJ3quOTBcYMezRGSUkPgDo:ZaE7wTU0PT7BcHO3qu8TMMIDo

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.241.130:9999/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe
"C:\Users\Admin\AppData\Local\Temp\ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download