cobaltstrike | 2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

2598a08f3e...f4.exe

windows7-x64

2598a08f3e...f4.exe

windows10-2004-x64

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 06:12

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4.exe

Resource

win7-20241023-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4.exe
Size

1.4MB
MD5

002b633a6fe2e1ed919665616c2e12ef
SHA1

772e56d467281cdc8f4e9a7e8096a294c97b5104
SHA256

2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4
SHA512

efe8b4a08e1975f6b3d32584acba9db78fe286193c85594e8880f2337859318b78a5dea823256b7f69a220e897ae39d927cfdd15f9e0a509cc7245c133ed3597
SSDEEP

24576:el7kg/YVtSaZzP7SKBdJKXSgvQqOCn8l0E0LICu5z1:MwgwVLZj7PbASgvn3n8l0E0LICu5z1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://60.204.238.168:9876/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4.exe
"C:\Users\Admin\AppData\Local\Temp\2598a08f3e6cd2e12e34862b1789637a3c511492ca792caa8078d27a891201f4.exe"
1⤵
PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3472-0-0x000002A572440000-0x000002A572441000-memory.dmp

Filesize
4KB

Download

© 2018-2025

Terms | Privacy