cobaltstrike | 88cfede42188d89c02902431f688fd90b5947eb2155f6b40a1f75f3cfc010e2b | Triage

Analysis

max time kernel
135s
max time network
148s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30/12/2024, 02:05

Sharing

Report Analysis Logs

General

Target

coba164.exe
Size

318KB
MD5

f5b735e40d63c8a0eff9c64131efdb2f
SHA1

54666928682558b67f89a5c320f16b8650cc8d90
SHA256

478fce8dc2caf098beb2dd5695fdf57ab5117b36e53d92ec8de137b5138aa80c
SHA512

620ffdd28973a6078356b1090e6d0f207246686a3e270caf62b0c4d7b912602c83c15468abe340846123fb427cc2d29bb2b04fae7721672b721698653cbd6c5d
SSDEEP

6144:buEmSCZP781jWoYYMH7UtnvGu++vqIAJW8iocoEikKqn6Q:1678koYZUtg+vqICeroF2nl

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://217.12.218.46:80/YPbR

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\coba164.exe
"C:\Users\Admin\AppData\Local\Temp\coba164.exe"
1⤵
PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download