cobaltstrike | 5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132 | Triage

Submit
Reports

Overview

overview

Static

static

3

5d85b01744...32.exe

windows7-x64

5d85b01744...32.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 14:59

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132.exe
Size

17KB
MD5

ede69af9ae89011d6118e2f3e1f30219
SHA1

5e9284c463542ccef1e2083973bfaa7fa207acda
SHA256

5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132
SHA512

298e124dff6c3cac2532f35ba14995c40c44eba17ea145a724490a77945bbc797a3dd8c369a728a5594c9fd605421bab48dae712d9a5151194e82526044b6cfb
SSDEEP

192:ADMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH403oRK+BUbOj6kxiY:ADMAoKz6WtKEj7aBDiH32bAY

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://118.31.122.36:8079/Y2dn

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132.exe
"C:\Users\Admin\AppData\Local\Temp\5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132.exe"
1⤵
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2324-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

© 2018-2025

Terms | Privacy