Overview

overview

10

Static

static

eeed654010...6c.exe

windows7_x64

10

eeed654010...6c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-06-2022 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeed6540103c1717bedc2eb6e66198221e9edc529ad0745a60af7aafa726526c.exe

  • Size

    1.1MB

  • MD5

    38f451fa0dfed940e9dd140aca2ba24e

  • SHA1

    7c85b3331270eac735f2da3ac6aeac02a6db3e05

  • SHA256

    eeed6540103c1717bedc2eb6e66198221e9edc529ad0745a60af7aafa726526c

  • SHA512

    1b4d470827df6461edb59b3d520c9f86cd1c7e757a6d95f9cd4625df799b2faa4da051aac1923bf0571a06eb337dacb43d80aa04ef30ce2a8f5090abaffe889a

Score
10/10
cobaltstrike1backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://sec.qaxnb.lol:8443/react.development.js

Attributes
  • user_agent

    Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://unpkg.com/browse/react@17.0.2/umd/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Win64; x64; Trident/4.0) Host: sec.qaxnb.lol

Extracted

Family

cobaltstrike

Botnet

1

C2

http://sec.qaxnb.lol:8443/api/groovy

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    sec.qaxnb.lol,/api/groovy

  • http_header1

    AAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    3000

  • port_number

    8443

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHMO8y1wBCAjFbDB4YeNRRkTcqs19kCI4v83hQQdz4fzzBhu5JinovYNc0vrQC32y5DAPf9LcS4lpMkSopFeixUvRO4boT0+EiOPu5DIUHUwccExusG5w8jCn1b6dtf+8+9RZITmCxWW/bUhuUKNk+mWnlYLTw9HkpgiwmOqpA8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/package

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Win64; x64; Trident/4.0)

  • watermark

    1

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\eeed6540103c1717bedc2eb6e66198221e9edc529ad0745a60af7aafa726526c.exe
    "C:\Users\Admin\AppData\Local\Temp\eeed6540103c1717bedc2eb6e66198221e9edc529ad0745a60af7aafa726526c.exe"
    1⤵
      PID:4236

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4236-130-0x00007FF707A70000-0x00007FF707BEB000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/4236-131-0x000001D02B690000-0x000001D02B74C000-memory.dmp
      Filesize

      752KB

      Download
    • memory/4236-132-0x000001D02B290000-0x000001D02B690000-memory.dmp
      Filesize

      4.0MB

      Download
    • memory/4236-133-0x000001D02B690000-0x000001D02B74C000-memory.dmp
      Filesize

      752KB

      Download
    • memory/4236-134-0x000001D02B290000-0x000001D02B690000-memory.dmp
      Filesize

      4.0MB

      Download