Overview

overview

10

Static

static

Employee-Bonus.exe

windows7_x64

10

Employee-Bonus.exe

windows10_x64

10

Resubmissions

25-03-2021 14:02

210325-6mt4xffj46 10

08-03-2021 01:58

210308-r9csy6wkvx 10

26-02-2021 11:00

210226-9h1pkd739a 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Employee-Bonus.exe

  • Size

    97KB

  • Sample

    210308-r9csy6wkvx

  • MD5

    b2a682b8fe731d3c9a97b8fbf1cd84ae

  • SHA1

    ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c

  • SHA256

    84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252

  • SHA512

    6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Version

windows/download_exec

C2

http://jumpbill.com:443/image-directory/eso.jpg

Targets

    • Target

      Employee-Bonus.exe

    • Size

      97KB

    • MD5

      b2a682b8fe731d3c9a97b8fbf1cd84ae

    • SHA1

      ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c

    • SHA256

      84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252

    • SHA512

      6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks