cobaltstrike | 04648cf243c9b6ca12ddcbf7ef2c5da0ff885cd8ab8b72a06c8c4a9f8c9ffd5d | Triage

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 09:52

Sharing

Report Analysis Logs

General

Target

04648cf243c9b6ca12ddcbf7ef2c5da0ff885cd8ab8b72a06c8c4a9f8c9ffd5d.exe
Size

240KB
MD5

e780fd3aa69bf08ef1d37074c0b542db
SHA1

ea80a73dfdc16c8ad31d6328c73b4c72d86140df
SHA256

04648cf243c9b6ca12ddcbf7ef2c5da0ff885cd8ab8b72a06c8c4a9f8c9ffd5d
SHA512

1ea8e0b5a7a0007fc78bcbeb8a7ffb3e7171a0c09356b37221f626e41b90c976cc58835c26a4d2ea267b268c0077f3d1ab8c4d176cc288c7b0f01d7867d2f62d
SSDEEP

3072:OsxZF0BeaUGK2seRzbnFQFxE7ec6vENGDNALLVv13YryYpEm2MWZJ6wws9vs+0f2:LetngSehMNGD+LLVhYtpWWO

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.0.1.4:8090/HZkP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\04648cf243c9b6ca12ddcbf7ef2c5da0ff885cd8ab8b72a06c8c4a9f8c9ffd5d.exe
"C:\Users\Admin\AppData\Local\Temp\04648cf243c9b6ca12ddcbf7ef2c5da0ff885cd8ab8b72a06c8c4a9f8c9ffd5d.exe"
1⤵
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download