cobaltstrike | 6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5 | Triage

Analysis

max time kernel
132s
max time network
139s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 08:51

Sharing

Report Analysis Logs

General

Target

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe
Size

113KB
MD5

88fc2a88b0547c23470cd4c5964a0888
SHA1

4e50429d199940f07019ab371b628967d52ca789
SHA256

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5
SHA512

dbb257ade211e4f2c6c966e4540ecfb033086a11e2d10d3e64a99c1f40f007fb5f48ec3613d69f6a3a29f80e2f52f6eb2ec7e87a49a8d7d950fb4c775b394488
SSDEEP

1536:u+HeW2Ecdv8zjR/U4JWynSBwCcICYMaRXxvL9eZc4lsWb5d09dlou9msye:B1+JQa4J5owCctYMaRXXeZ7vMeUmsy

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.0.1.4:8090/HZkP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe
"C:\Users\Admin\AppData\Local\Temp\6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe"
1⤵
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-0-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download