Overview

overview

10

Static

static

oben32.dll

windows7_x64

10

oben32.dll

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    14-12-2021 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oben32.dll

  • Size

    354KB

  • MD5

    b873bfa8dec8c3a1f62c30903e59e849

  • SHA1

    2c4aaefe0c20843db9b9f4996d42c7563b081097

  • SHA256

    fba9dd0ebb8d838fa394cda10dca50450d8c0fc6158deff38904072140d64507

  • SHA512

    a8c0a467788335297f34b9a60401b0ef50e023d0efc0b77eaf560decc785ed2c2b79534e14451aab747e307baa057fad0956e2941ff28b9995d4dbbd6e762457

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://api.musicbee.getlist.destinycraftpe.com:443/azure/v2/api

Attributes
  • user_agent

    Content-Type: application/json accept: */* cookie: HSID=cl0gxhLgPAirQvdbj sec-ch-ua: Chromium;v=91 sec-ch-ua-mobile: ?0 sec-fetch-site: same-site sec-fetch-mode: cors sec-fetch-dest: empty accept-encoding: gzip, deflate accept-language: en X-Amz-Cf-Pop: HTL55-C2 User-Agent: MusicBee/3.4

Signatures

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\oben32.dll
    1⤵
      PID:1448

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1448-54-0x000007FEFC261000-0x000007FEFC263000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1448-55-0x0000000000290000-0x0000000000291000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1448-56-0x0000000002EB0000-0x00000000032B0000-memory.dmp
      Filesize

      4.0MB

      Download