cobaltstrike | 88cfede42188d89c02902431f688fd90b5947eb2155f6b40a1f75f3cfc010e2b | Triage

Submit
Reports

Overview

overview

Static

static

3

coba164.exe

windows7-x64

coba164.exe

windows10-2004-x64

coba164s.exe

windows7-x64

coba164s.exe

windows10-2004-x64

coba186.exe

windows7-x64

coba186.exe

windows10-2004-x64

coba186s.exe

windows7-x64

1

coba186s.exe

windows10-2004-x64

cobabecx86.exe

windows7-x64

3

cobabecx86.exe

windows10-2004-x64

cobabehttpx86.exe

windows7-x64

3

cobabehttpx86.exe

windows10-2004-x64

cobahttpx86.exe

windows7-x64

3

cobahttpx86.exe

windows10-2004-x64

cobasslx64.exe

windows7-x64

1

cobasslx64.exe

windows10-2004-x64

cobasx86.exe

windows7-x64

cobasx86.exe

windows10-2004-x64

cobax86_408.exe

windows7-x64

cobax86_408.exe

windows10-2004-x64

Analysis

max time kernel
95s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2024, 02:05

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

coba164.exe

Resource

win7-20241010-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

coba164.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

coba164s.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

coba164s.exe

Resource

win10v2004-20241007-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

coba186.exe

Resource

win7-20241023-en

metasploit backdoor discovery trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

coba186.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

coba186s.exe

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

coba186s.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

cobabecx86.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

cobabecx86.exe

Resource

win10v2004-20241007-en

cobaltstrike 305419896 backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

cobabehttpx86.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral12

Sample

cobabehttpx86.exe

Resource

win10v2004-20241007-en

cobaltstrike 305419896 backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

cobahttpx86.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral14

Sample

cobahttpx86.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

cobasslx64.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

cobasslx64.exe

Resource

win10v2004-20241007-en

cobaltstrike 305419896 backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

cobasx86.exe

Resource

win7-20241010-en

metasploit backdoor discovery trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

cobasx86.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

cobax86_408.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral20

Sample

cobax86_408.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

coba164s.exe
Size

318KB
MD5

1715d2b27d963988cac67a955812e4d0
SHA1

8831d9c375b0f3df5e40731d091d468d5764dad2
SHA256

d61f250ce0bc5dd194878de7495bf657bf9749ead64130935c24b7b12978e683
SHA512

ea5a9a8266cba81ec3232c1ae41897f8ef6972851c15cb51fd364ee895f4edcff2e62babef8a278560e17b33e639ab1b0024c1de7024d4d0b3180f60adb1acc0
SSDEEP

6144:4FKitXrJ6qUIbupzBTk1TRnK+kuuEci72o0i/p1IEh:OstIeBTcK+kuuFFo0l

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://1nevadasports.com:443/erDB

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\coba164s.exe
"C:\Users\Admin\AppData\Local\Temp\coba164s.exe"
1⤵
PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5072-0-0x00000267740B0000-0x00000267740B1000-memory.dmp

Filesize
4KB

Download

© 2018-2025

Terms | Privacy