Analysis
  max time kernel: 150s
  max time network: 151s
  platform: windows10_x64
  resource: win10v20201028
  submitted: 21-01-2021 06:19

  Static task: static1
  Behavioral task: behavioral1
    Sample: 566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe
    Resource: win7v20201028
  Behavioral task: behavioral2
    Sample: 566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe
    Resource: win10v20201028
General
  Target: 566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe
  Size: 281KB
  MD5: 8104f69d3822c903742bfa27960d3b6a
  SHA1: 431f3181805ff9e071d600e7a4a122099d2630ee
  SHA256: 566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368
  SHA512: 1ab0c1331807804190838f9650c09a54cca3537ffc6aa69385a62aec3e00367e9f12aea855dbda91fac9bc65801e7b59ccbc1d579d54d78e5bd6027249b8c724
Malware Config
  Extracted: cobaltstrike
  URL: http://207.148.123.136:12443/as.html

  Beacon settings as reported. Every numeric field below is 0 and every string field is empty; the URL above is the only value actually recovered. Read the zero/empty entries as "not recovered" rather than as a genuine beacon profile (a real beacon cannot operate with port 0 and a polling time of 0), and treat the URL as the actionable network indicator.
    access_type: 0
    beacon_type: 0
    create_remote_thread: 0
    day: 0
    dns_idle: 0
    dns_sleep: 0
    host: (empty)
    http_header1: (empty)
    http_header2: (empty)
    http_method1: (empty)
    http_method2: (empty)
    injection_process: (empty)
    jitter: 0
    maxdns: 0
    month: 0
    pipe_name: (empty)
    polling_time: 0
    port_number: 0
    proxy_password: (empty)
    proxy_server: (empty)
    proxy_username: (empty)
    sc_process32: (empty)
    sc_process64: (empty)
    state_machine: (empty)
    unknown1: 0
    unknown2: (empty)
    unknown3: 0
    unknown4: 0
    unknown5: 0
    uri: (empty)
    user_agent: (empty)
    year: 0
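The "Malware Config" block above is the output of a beacon-config extractor. The following is an added example written for this page, not the sandbox's own extractor and not code from the analysed sample, showing the technique such extractors use: find the XOR-encoded TLV settings block by the encoded header of its first record, decode it, and map setting ids to names. The record layout, the two well-known single-byte keys (0x69 for 3.x beacons, 0x2E for 4.x) and the setting ids follow public parsers such as SentinelOne's CobaltStrikeParser. The blob parsed here is constructed for the test; only the host and port are taken from the URL reported above, every other value is invented.

```python
"""Parse a Cobalt Strike beacon configuration block (added example).

Layout, as documented by public extractors: a run of records, each
    index  uint16 BE   setting id
    type   uint16 BE   1 = uint16, 2 = uint32, 3 = bytes
    length uint16 BE
    value  `length` bytes
The run is XOR-encoded with one byte (0x69 in 3.x beacons, 0x2E in 4.x)
and ends with an all-zero record. The first record is always setting 1
(beacon type), so its encoded header is a reliable search marker.
"""
import struct

# Subset of setting ids; names follow the public parsers.
SETTING_NAMES = {
    1: "beacon_type", 2: "port", 3: "sleeptime_ms", 4: "maxgetsize",
    5: "jitter", 6: "maxdns", 7: "publickey", 8: "c2server",
    9: "useragent", 10: "http_post_uri", 14: "spawnto", 15: "pipe_name",
    19: "dns_idle", 20: "dns_sleep", 26: "http_get_verb",
    27: "http_post_verb", 29: "spawnto_x86", 30: "spawnto_x64",
    37: "watermark", 40: "killdate",
}

FIRST_RECORD_HEADER = b"\x00\x01\x00\x01\x00\x02"  # index=1, type=1, length=2
KNOWN_XOR_KEYS = (0x69, 0x2E)


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_config(blob: bytes, keys=KNOWN_XOR_KEYS):
    """Return (offset, key) of the encoded config inside a dump, or None."""
    for key in keys:
        off = blob.find(xor_bytes(FIRST_RECORD_HEADER, key))
        if off != -1:
            return off, key
    return None


def parse_config(blob: bytes, offset: int, key: int) -> dict:
    """Decode the TLV run at `offset`; stops at the terminator or when a
    record runs past the end of the blob (truncated dump)."""
    data = xor_bytes(blob[offset:], key)
    settings, pos = {}, 0
    while pos + 6 <= len(data):
        idx, typ, length = struct.unpack_from(">HHH", data, pos)
        pos += 6
        if idx == 0:
            break                                # terminator record
        raw = data[pos:pos + length]
        pos += length
        if len(raw) < length:
            break                                # truncated record
        if typ == 1 and length == 2:
            value = struct.unpack(">H", raw)[0]
        elif typ == 2 and length == 4:
            value = struct.unpack(">I", raw)[0]
        else:
            value = raw.rstrip(b"\x00")          # strings are NUL-padded
            if all(0x20 <= b < 0x7F for b in value):
                value = value.decode("ascii")    # keep bytes for keys etc.
        settings[SETTING_NAMES.get(idx, f"setting_{idx}")] = value
    return settings


def _record(idx: int, typ: int, value) -> bytes:
    raw = {1: lambda v: struct.pack(">H", v),
           2: lambda v: struct.pack(">I", v),
           3: lambda v: v}[typ](value)
    return struct.pack(">HHH", idx, typ, len(raw)) + raw


def build_sample_config(key: int = 0x69) -> bytes:
    """Constructed blob for testing, not bytes from the analysed sample.
    Host and port come from the URL in the report; other values are
    invented. c2server uses the beacon's 'host,/uri' form."""
    records = (
        _record(1, 1, 0)                  # beacon_type 0 = HTTP
        + _record(2, 1, 12443)
        + _record(3, 2, 60000)            # sleep 60 s
        + _record(4, 2, 1048576)
        + _record(5, 1, 0)                # jitter 0 %
        + _record(8, 3, b"207.148.123.136,/as.html".ljust(256, b"\x00"))
        + _record(9, 3, b"Mozilla/5.0".ljust(128, b"\x00"))
        + _record(10, 3, b"/submit.php".ljust(64, b"\x00"))
        + struct.pack(">HHH", 0, 0, 0)    # terminator
    )
    return b"\x90" * 16 + xor_bytes(records, key) + b"\xcc" * 16


def extract(blob: bytes):
    """Locate and parse in one step; None if no config marker is found."""
    found = find_config(blob)
    return None if found is None else parse_config(blob, *found)


if __name__ == "__main__":
    for k, v in (extract(build_sample_config()) or {}).items():
        print(f"{k}: {v}")
```

Run against a process memory dump or an unpacked beacon rather than the packed stager on disk: a stager only carries the download URL (which is exactly what the report above recovered), and the settings block only exists once the full beacon has been fetched and decoded.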
Signatures
  Cobaltstrike: Detected a malicious payload that is part of Cobalt Strike.