cobaltstrike | a6e761f0291bd14ea518804b4db8a18f4cb0aeb4844b92d50c64016b67341402 | Triage

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/11/2024, 11:55

Sharing

Report Analysis Logs

General

Target

a6e761f0291bd14ea518804b4db8a18f4cb0aeb4844b92d50c64016b67341402.exe
Size

54KB
MD5

c5d511c10506c0175e1d6ef0e5fe4dff
SHA1

95ef0f6fba23189af750be9c8ae52e4571dbbd19
SHA256

a6e761f0291bd14ea518804b4db8a18f4cb0aeb4844b92d50c64016b67341402
SHA512

733a5f5c850bf7e8e586b6aca1eac3ea9eff89f10a16d8c62dd609d1a0caefdb31d5ecb4648d7ba18a2db46c98f23211123958d977a7a2dec389d7c387022bdc
SSDEEP

768:UA7TbznfEqTIYv4gKNwFPulvTFKAOE7eJ9GhrIn7+E:5rEqTIm4gKN2PulvTv37DtI7

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.104.181.208:80/2zGj

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\a6e761f0291bd14ea518804b4db8a18f4cb0aeb4844b92d50c64016b67341402.exe
"C:\Users\Admin\AppData\Local\Temp\a6e761f0291bd14ea518804b4db8a18f4cb0aeb4844b92d50c64016b67341402.exe"
1⤵
PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1452-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1452-1-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download