Overview

overview

10

Static

static

1

安全补丁.exe

windows7-x64

10

安全补丁.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-02-2023 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    安全补丁.exe

  • Size

    144KB

  • MD5

    dfd95f2bca6e2e92c0c20848176a5133

  • SHA1

    85d9104856805940bc2777e56da3836563b2fd40

  • SHA256

    d3e4cd32adfdb149afd072348c808e0d1f188f5d57cf97b28a078384aa55a784

  • SHA512

    494216d99c9f15b3d4bbbbdf1a646d6f12ada652f2b8d9afd0dd4d3c8282dd9ef8cadc2dc56172edcdb5f12ff4b8ba8102d9acf9df21dd0ed030983fc0490e80

  • SSDEEP

    3072:PoZbh1k+AzSy5UY43qHt4Cq1KM+ct5cZXRcBo0tg:PoH1k17aZC

Score
10/10
cobaltstrike0backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://service-avjzziu8-1253795072.gz.apigw.tencentcs.com:443/api/auth/v1/log

Attributes
  • access_type

    512

  • beacon_type

    2048

  • dns_idle

    1.920103026e+09

  • dns_sleep

    2.281701376e+09

  • host

    service-avjzziu8-1253795072.gz.apigw.tencentcs.com,/api/auth/v1/log

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAJUFjY2VwdC1MYW5ndWFnZTogZW4tR0I7cT0wLjksICo7cT0wLjcAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9984

  • maxdns

    245

  • polling_time

    18016

  • port_number

    443

  • sc_process32

    %windir%\syswow64\runonce.exe

  • sc_process64

    %windir%\sysnative\runonce.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMBwlzJxqJdNKqYp0E8oXTNufnwWZ07HkSwIl2J/vKHT6cOVN6daVpSBMtW1cio3mN/kXEdczBCp8Kt6jya+daqD7xJ/Ah9TPdvtX7hDUtNoLcCphkQT/0eRlTAzC75MYhYeCjv3Duw1hQTG4cmmHLxMHThPLeR5S8L9HHXQCuPQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/baidu/auth

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36

  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\安全补丁.exe
    "C:\Users\Admin\AppData\Local\Temp\安全补丁.exe"
    1⤵
      PID:1196

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1196-132-0x00000000008A0000-0x000000000091E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1196-133-0x0000000002D70000-0x0000000003170000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1196-134-0x00000000008A0000-0x000000000091E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1196-135-0x0000000002D70000-0x0000000003170000-memory.dmp

      Filesize

      4.0MB

      Download