cobaltstrike | cf6c2ccc899d70cb37af9afd59609958dbb1f248ac60a7e8dbda53135de84a81 | Triage

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 06:07

Sharing

Report Analysis Logs

General

Target

cf6c2ccc899d70cb37af9afd59609958dbb1f248ac60a7e8dbda53135de84a81.exe
Size

19KB
MD5

6ebdbf0361a0d1b532162d65bb9fe346
SHA1

de66f723c0b74b2a519f71b6a8c35fea757a8606
SHA256

cf6c2ccc899d70cb37af9afd59609958dbb1f248ac60a7e8dbda53135de84a81
SHA512

5d3c122b910d8e57ed67c0a5522d342e1c5789b5fdad7b2397d10538b650ef82c8685cf60777595d736554a8c70ae2685447d02df4053baac5bb5caea8cdd802
SSDEEP

192:9V7qaCF6Op1i2dobVXujRDcBaXWQjwOT/29pDWF8qa1Dojjgi:vqaCF31Dix+Dc4zjlFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.10.14.2:443/messages/DBLCNIF13

Attributes

user_agent
Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\cf6c2ccc899d70cb37af9afd59609958dbb1f248ac60a7e8dbda53135de84a81.exe
"C:\Users\Admin\AppData\Local\Temp\cf6c2ccc899d70cb37af9afd59609958dbb1f248ac60a7e8dbda53135de84a81.exe"
1⤵
PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2792-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2792-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download