Overview

overview

10

Static

static

333dedd9aa...25.exe

windows7_x64

10

333dedd9aa...25.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    333dedd9aa08687b59a8391c6837674a1f136cc1eff545e9459c6398a6b40925

  • Size

    321KB

  • Sample

    220122-pacsqsagf6

  • MD5

    82630f6faa5acc2c7ff75cb395436a12

  • SHA1

    71c0f210fb400eef6e302abbc67d1f37af1cc4c1

  • SHA256

    333dedd9aa08687b59a8391c6837674a1f136cc1eff545e9459c6398a6b40925

  • SHA512

    d00b292259d336cdb4c3eb565589757d3fb354d41ac77b22575a2561f33d39aeae4809c90de82c53b75aafa9aa54ac08ef141f358cc83f157fb2dea4bf2372a7

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://212.129.249.163:443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: baidu.comswhiwcnja.top Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

    • Target

      333dedd9aa08687b59a8391c6837674a1f136cc1eff545e9459c6398a6b40925

    • Size

      321KB

    • MD5

      82630f6faa5acc2c7ff75cb395436a12

    • SHA1

      71c0f210fb400eef6e302abbc67d1f37af1cc4c1

    • SHA256

      333dedd9aa08687b59a8391c6837674a1f136cc1eff545e9459c6398a6b40925

    • SHA512

      d00b292259d336cdb4c3eb565589757d3fb354d41ac77b22575a2561f33d39aeae4809c90de82c53b75aafa9aa54ac08ef141f358cc83f157fb2dea4bf2372a7

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks