cobaltstrike | e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

e08f320bff...a5.exe

windows7-x64

e08f320bff...a5.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 13:22

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5.exe

Resource

win7-20240419-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5.exe

Resource

win10v2004-20240611-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5.exe
Size

162KB
MD5

cc36f39af1b63b75ffdda3410b32633d
SHA1

dea46120369a4610d0a7a027ca2cee59b0c51d4b
SHA256

e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5
SHA512

446422dd58e962100c4454e2aec2b75be5c1c4078fc58a8b79fc7dbad6f4c2dc0a5e3922e98e81755fa63c61f740f5ad4078ab52e4ec20900160ddc62bf11e3a
SSDEEP

1536:T00MZ1Jcffffffffffffffffffffffffffffffffffffffffffffffffffflfffd:T1O1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.253.128:11802/s3nI

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5.exe
"C:\Users\Admin\AppData\Local\Temp\e08f320bff09e66d4620b81bde5c5e3a9adff17f3e09c7f3d82eb570c51459a5.exe"
1⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4304,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
1⤵
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1900-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

© 2018-2024

Terms | Privacy