Overview

overview

10

Static

static

8

ApiClient.dll

windows7-x64

1

ApiClient.dll

windows10-2004-x64

3

msvcp140.dll

windows7-x64

1

msvcp140.dll

windows10-2004-x64

3

setup.exe

windows7-x64

1

setup.exe

windows10-2004-x64

10

vcruntime140.dll

windows7-x64

3

vcruntime140.dll

windows10-2004-x64

3

vcruntime140_1.dll

windows7-x64

3

vcruntime140_1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2023 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    21.5MB

  • MD5

    9d311899c431152ceaa676c81c656d9f

  • SHA1

    6b64bf51869662caeca104254113678bb0ccf96f

  • SHA256

    7285efae50a67581e0748960f1800fd97a58945d95344a39985f22fd3d6bfb0b

  • SHA512

    91e4b86285b06c71afaa58acb6f2cea2d9222d30ee3c2993987b74b4205eb45147659930f54ac990438aca93a69576838b8c24d57b78bb89b9e555856d8adf13

  • SSDEEP

    196608:MKQ/WwVjXM4y33/hXJVBtnRVRW4kngMHGG:MKQRjJ+rVBtRHG

Score
10/10
cobaltstrike838968285backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

838968285

C2

http://d2oca100euqhv5.cloudfront.net:443/client-portal/insight

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    d2oca100euqhv5.cloudfront.net,/client-portal/insight

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAMAAAACAAAAC0pTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAgAAAANAAAABQAAAAJpZAAAAAcAAAABAAAADwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    8448

  • polling_time

    30000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32x.exe

  • sc_process64

    %windir%\sysnative\rundll32x.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCtI7P7EjdUTdb6ydcLvYfljr7MaP9stUdClJpVGaGdTFUh+8PKhNqh1bhQDaBQn3e+kWHKt+34pzVvPAdWaiBhVyPtIfIZrti0oraKW1PWo3E7pVECrpOIzlz9CR/JkvdYTHpGNp42C6b0wj0dh43WZtn6aRGGUgXC38oqsUImwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    6.711296e+07

  • unknown2

    AAAABAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /client-portal/ping

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

  • watermark

    838968285

  • year

    256

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
      PID:2020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2020-133-0x000002C7D7F40000-0x000002C7D7F84000-memory.dmp
      Filesize

      272KB

      Download
    • memory/2020-134-0x000002C7D7F90000-0x000002C7D8403000-memory.dmp
      Filesize

      4.4MB

      Download