Analysis
max time kernel: 150s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-03-2023 23:04
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20230220-en
General
Target: tmp.exe
Size: 153KB
MD5: 1169d488346b8de569e52cb184b9131e
SHA1: e8cc0000b323d65d2a61d8d3d3e0a006ea7a63b3
SHA256: fb73d38fe273961e0bfb618ed21b9150f250fadf093118f247925692619547cb
SHA512: 79f1b2d1e0c1b7e4bd3673d030d014432c1c788e8c0f90f711d2bfec1e71224e38de8fe09028fb19219467aa816fef8e56e7f8ea17e64cc34e73ce403db85042
SSDEEP: 3072:+4Ri4MxDERjtKurTmlwJ6V9DwiulUAZRdVU1cmuT:JRYxgnKwQwJ2DtuaklT
Malware Config
Extracted
cobaltstrike
http://naporiz.com:443/image-directory/admin.gif
user_agent: Host: taobao.com Connection: close Accept: */* Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Downloads
memory/3676-133-0x000002085D3D0000-0x000002085D3D2000-memory.dmp (Filesize: 8KB)