cobaltstrike | 1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d

Resubmissions

07-01-2025 19:22

250107-x3kcaavmb1 10

07-01-2025 07:44

250107-jk35sa1mex 10

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

css/d.exe
Size

1.8MB
MD5

2698d20741e70dd169a307778685c083
SHA1

422a5dcf9e4a52d35d7de830879f3d9417fed263
SHA256

103398cd38586819bdb93a1d4a95ead155becc718c2ba96764598eafb073d79b
SHA512

95d1d428f6f18c393fbe1bfe182b16c97728fd55a6c6b9d76fd6f13a1feffc4ddf01d8ee0ad80061e48cdf519eaf0d5e82396b6386bb995c05a7ec430fd55434
SSDEEP

24576:lSX7P1/EmHZI9KLoYghoHmH7GKjU+oJRQoY3Y5w2FYp4b:lk7ZEmHZdL0KHmyKjuw2t

Score

10^/10

cobaltstrike backdoor discovery trojan

Malware Config

Extracted

Family

cobaltstrike

http://cs.xiaojingjingaihuifeng.xyz:443/wqerqwersdgfx64.jpg

Attributes

user_agent
Host: cs.xiaojingjingaihuifeng.xyz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	d.exe

C:\Users\Admin\AppData\Local\Temp\css\d.exe
"C:\Users\Admin\AppData\Local\Temp\css\d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-0-0x0000017276C70000-0x0000017276C71000-memory.dmp

Filesize
4KB

Download
memory/1748-1-0x0000017278830000-0x0000017278C30000-memory.dmp

Filesize
4.0MB

Download
memory/1748-2-0x0000017278830000-0x0000017278C30000-memory.dmp

Filesize
4.0MB

Download