Overview

overview

10

Static

static

lib_oceanlotus.jar

windows7_x64

10

lib_oceanlotus.jar

windows10-2004_x64

7

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    04-07-2022 03:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib_oceanlotus.jar

  • Size

    2.7MB

  • MD5

    8acdd0fab685bfedb7bea4809c948d3a

  • SHA1

    c8a7ac966f696e6608f38a22f4676f1747772665

  • SHA256

    d85141e86a3eda6e74f2318d2b7553193789ce6dcf1a2c7266bba4666f0203f1

  • SHA512

    7b3672d90a85b7c0d9aad95409686491fecdf3e156e02c8d8ba4db0843646a299011330c83130e49a27e0d66dd9b5cdcc8bfa9bc66d4120e867823b6d17e75c5

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib_oceanlotus.jar
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Windows\SysWOW64\bitsadmin.exe
      "C:\Windows\SysWOW64\bitsadmin.exe"
      2⤵
        PID:1708

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\jna-63116079\jna3006304072950850062.dll
      Filesize

      241KB

      MD5

      3c016613eb59259f94e2add2b8d926c0

      SHA1

      e26183f9919ed1daf5c1856c16f8a074bd9ef6dc

      SHA256

      df09119557efe5a5fc2237996b09c3da34fb60eb3ff0c6a5b2a35ec4212e0119

      SHA512

      9e5a4240e276391c9480d0d96d953c12ebb315dc214383afb716091c090f157344901608d3d80f0ca3af80ff659d7d4dff6b21dff6c9512fa02a4cd5eb496ff6

      Download Submit
    • memory/1068-54-0x000007FEFC3E1000-0x000007FEFC3E3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1068-64-0x0000000002260000-0x0000000005260000-memory.dmp
      Filesize

      48.0MB

      Download
    • memory/1068-72-0x0000000002260000-0x0000000005260000-memory.dmp
      Filesize

      48.0MB

      Download
    • memory/1708-66-0x00000000000F0000-0x0000000000124000-memory.dmp
      Filesize

      208KB

      Download
    • memory/1708-68-0x0000000000000000-mapping.dmp
      Download
    • memory/1708-69-0x0000000075C51000-0x0000000075C53000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1708-70-0x00000000000F0000-0x0000000000124000-memory.dmp
      Filesize

      208KB

      Download
    • memory/1708-71-0x0000000000200000-0x0000000000245000-memory.dmp
      Filesize

      276KB

      Download