cobaltstrike | bd284e8249ae905bae1c37e1c5607102a07e72852202a12031f64a1f89a311d0

Analysis

max time kernel
143s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 13:09

Target

04.dll
Size

652KB
MD5

84542cf3fe1b4ce4f0c271bb7ae535a0
SHA1

04fdb97d22b420182c564aa80fded762620edd06
SHA256

bd284e8249ae905bae1c37e1c5607102a07e72852202a12031f64a1f89a311d0
SHA512

a6451b5535923e37b69d2fb9b445e0431a06ebea0b13b1d08471ce9f813d9b3c34c912cd78839612cc9b97b7dd1804d5c1ecb49465048be93a352de704f34c76
SSDEEP

12288:seuQw1mFiftr0qxZqZJXEfCdUfEZNzKivkliJoUwVwHsIPWCKB5:sYFifthWXEfIZNhkliJoU7ZPWCW5

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
FlawedGraceRAT
FlawedGrace is a full-featured RAT written in C++.
rat flawedgracerat

FlawedGraceRat Loader 3 IoCs

Detects FlawedGraceRat x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1428-56-0x0000000001C10000-0x0000000001CB1000-memory.dmp	flawgrace_loader_x64
behavioral1/memory/1428-57-0x0000000001DD0000-0x0000000001E71000-memory.dmp	flawgrace_loader_x64
behavioral1/memory/1428-58-0x0000000001C10000-0x0000000001CB1000-memory.dmp	flawgrace_loader_x64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04.dll,#1
1⤵
PID:1428

memory/1428-54-0x000007FEF6F10000-0x000007FEF6FB3000-memory.dmp

Filesize
652KB

Download
memory/1428-55-0x000007FEF6E60000-0x000007FEF6F03000-memory.dmp

Filesize
652KB

Download
memory/1428-56-0x0000000001C10000-0x0000000001CB1000-memory.dmp

Filesize
644KB

Download
memory/1428-57-0x0000000001DD0000-0x0000000001E71000-memory.dmp

Filesize
644KB

Download
memory/1428-58-0x0000000001C10000-0x0000000001CB1000-memory.dmp

Filesize
644KB

Download
memory/1428-59-0x000007FEF6F10000-0x000007FEF6FB3000-memory.dmp

Filesize
652KB

Download