cobaltstrike | 6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5 | Triage

Submit
Reports

Overview

overview

Static

static

3

6bf23c4122...c5.exe

windows7-x64

6bf23c4122...c5.exe

windows10-2004-x64

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 08:51

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe

Resource

win7-20250207-en

cobaltstrike backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe

Resource

win10v2004-20250314-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe
Size

113KB
MD5

88fc2a88b0547c23470cd4c5964a0888
SHA1

4e50429d199940f07019ab371b628967d52ca789
SHA256

6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5
SHA512

dbb257ade211e4f2c6c966e4540ecfb033086a11e2d10d3e64a99c1f40f007fb5f48ec3613d69f6a3a29f80e2f52f6eb2ec7e87a49a8d7d950fb4c775b394488
SSDEEP

1536:u+HeW2Ecdv8zjR/U4JWynSBwCcICYMaRXxvL9eZc4lsWb5d09dlou9msye:B1+JQa4J5owCctYMaRXXeZ7vMeUmsy

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.0.1.4:8090/HZkP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe
"C:\Users\Admin\AppData\Local\Temp\6bf23c4122c71ef1216d191a2329a964232069131abb96e36001eaf23ffb7fc5.exe"
1⤵
PID:5908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5908-0-0x0000024DD7700000-0x0000024DD7703000-memory.dmp

Filesize
12KB

Download

© 2018-2025

Terms | Privacy