Overview

overview

10

Static

static

a0cc60b4fa...0f.exe

windows7-x64

3

a0cc60b4fa...0f.exe

windows10-2004-x64

3

a69cf4fa61...7f.exe

windows7-x64

10

a69cf4fa61...7f.exe

windows10-2004-x64

10

a6dbbf3d86...75.exe

windows7-x64

7

a6dbbf3d86...75.exe

windows10-2004-x64

7

a783bb9edd...09.exe

windows7-x64

10

a783bb9edd...09.exe

windows10-2004-x64

10

ac89e5c3ba...5a.exe

windows7-x64

10

ac89e5c3ba...5a.exe

windows10-2004-x64

10

b6d4c3b56c...24.exe

windows7-x64

3

b6d4c3b56c...24.exe

windows10-2004-x64

3

b91eb833de...81.exe

windows7-x64

10

b91eb833de...81.exe

windows10-2004-x64

10

b959b003c1...74.exe

windows7-x64

10

b959b003c1...74.exe

windows10-2004-x64

10

ba8824a7c7...63.exe

windows7-x64

7

ba8824a7c7...63.exe

windows10-2004-x64

7

c0f1ebcca8...4a.exe

windows7-x64

10

c0f1ebcca8...4a.exe

windows10-2004-x64

10

c3117be60e...ea.exe

windows7-x64

10

c3117be60e...ea.exe

windows10-2004-x64

10

c492754e6c...ef.exe

windows7-x64

3

c492754e6c...ef.exe

windows10-2004-x64

3

c9cc4d95ca...cd.exe

windows7-x64

10

c9cc4d95ca...cd.exe

windows10-2004-x64

10

ca4a22ce76...20.exe

windows7-x64

10

ca4a22ce76...20.exe

windows10-2004-x64

10

cb949ebe87...26.exe

windows7-x64

10

cb949ebe87...26.exe

windows10-2004-x64

10

cbc0718c3c...99.exe

windows7-x64

10

cbc0718c3c...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    162s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2022 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbc0718c3c45ed4311aec5f83572b7b92d364ab4d16bc43582e781843bdef099.exe

  • Size

    430KB

  • MD5

    f380f09609171148b842223b439aad4c

  • SHA1

    1cb9344fdbe5bc4830adb3fe36f71e0be3a5121f

  • SHA256

    cbc0718c3c45ed4311aec5f83572b7b92d364ab4d16bc43582e781843bdef099

  • SHA512

    abd83d2ee893f3a4bd05d76a2a73d7b01609bf3d5a415e29e93822d7ee0ff46c8844a642700121b852803458f3ced247233577072a4d8c2a377aec66b4879d86

  • SSDEEP

    12288:dsOol4Xi9tQjNFrQ2RHJ2s843DdtCDVVscEfMDJ8t3+392Exh:dyxQjHHJ2s5BtYVnEfYM3eEExh

Score
10/10
blistercobaltstrikebackdoorloadertrojan

Malware Config

Signatures

  • BLISTER

    BLISTER is a downloader used to deliver other malware families.

    loaderblister
  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Detect Blister loader x64 2 IoCs
    loader
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbc0718c3c45ed4311aec5f83572b7b92d364ab4d16bc43582e781843bdef099.exe
    "C:\Users\Admin\AppData\Local\Temp\cbc0718c3c45ed4311aec5f83572b7b92d364ab4d16bc43582e781843bdef099.exe"
    1⤵
    • Loads dropped DLL
    PID:3216

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sppcommdlg_64\sppcommdlg.dll
    Filesize

    633KB

    MD5

    229a758e232aeb49196c862655797e12

    SHA1

    73067102a6b37818f83121b9033087e291c667db

    SHA256

    49ba10b4264a68605d0b9ea7891b7078aeef4fa0a7b7831f2df6b600aae77776

    SHA512

    daf8f965e4f6f2b908c1dc104f4482412c6a972e58ee068774ca95f42a67ac5a91722909dd03b7101c0e4d5230befe6643c6d907d5170bf8321ab4960f3c0fae

    Download Submit

  • memory/3216-133-0x00007FFDEFB80000-0x00007FFDEFC22000-memory.dmp

    Filesize

    648KB

    Download

  • memory/3216-134-0x0000000002020000-0x0000000002061000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3216-137-0x0000000002020000-0x000000000204B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3216-138-0x0000000002020000-0x000000000204B000-memory.dmp

    Filesize

    172KB

    Download