General

  • Target

    tmp/934465db-23cb-4c1e-9dcf-953621e3d3a0_bypassav.exe

  • Size

    6.8MB

  • Sample

    211215-2cf96aafh4

  • MD5

    569e38187f70271f61965efda2f37b7d

  • SHA1

    9a4ec4f85ae1489e38fb1855761c9b23010788fb

  • SHA256

    1ac1951c91a9dcc4db5c468a033a6dfa052fba60eb9a79ab3adb4a33b31e335e

  • SHA512

    04a7d5cac5d6e99fa4a0908b11586f22b825f212445d9bd770cea0767491e413d4a298f9529483311e21596f1d5865bb2fb12086bd027746ad6247ed25470c10

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.239.103.17:8080/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://code.jquery.com/
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

