Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    29-06-2021 18:49

General

  • Target

    0a1b85f0609b8db3f42d92ee2a915002.exe

  • Size

    224KB

  • MD5

    0a1b85f0609b8db3f42d92ee2a915002

  • SHA1

    1519c614696e7e3fafe443e966f6da1b10582c61

  • SHA256

    810e54966a574462b8e05faf26fe58a4e10b16e09bca1c5994c08741d26b3afe

  • SHA512

    a1404ae658e69b1edd5324b643fb207fc733b19fda6d18cbcebe84af0ce2897a2443250db797d3f93bb6680313b85bf03b632ebae16363eacff3ad75eaeec8a6

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://91.205.173.13:8080/IE9CompatViewList.xml

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    91.205.173.13,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJsnp8B09qdr9gDmg29SqiMzPmJ6w5wuM4Bmsagm1tNX/ZgSB2pdnMRegpVPy53qHU/xZFUltNfiRtPgj1aIWNsuG8yNetprKpeix9fABkp1UuvOe+doVUF5cB1ZuJ7O3WxUWX5P8DlxUa5DG/HPQOQm0HWP4kOYamrCchWb2PewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; BOIE8;ENUS)

  • watermark

    1873433027

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a1b85f0609b8db3f42d92ee2a915002.exe
    "C:\Users\Admin\AppData\Local\Temp\0a1b85f0609b8db3f42d92ee2a915002.exe"
    PID:856

Downloads

  • memory/856-114-0x0000000000760000-0x00000000007A5000-memory.dmp
    Filesize

    276KB