Overview

overview

10

Static

static

3

7d9620b0e4...bb.exe

windows7-x64

10

7d9620b0e4...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    22-09-2023 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d9620b0e406b0aeefe45a987216ac455382d7be45722ea001cbcd773b7904bb.exe

  • Size

    653KB

  • MD5

    5fa0dc5885138db2cd215f4541c38798

  • SHA1

    f16915ab0cd16e3241d1716724c4deaf32db3b8a

  • SHA256

    7d9620b0e406b0aeefe45a987216ac455382d7be45722ea001cbcd773b7904bb

  • SHA512

    4bd79a6835ef6bcfb8bcd18d66e0cc08a4b5089cfdffdba5430cd949c0e824f6e906b241994c41f1e2fd3d9f589fa145258ce3d0067205cf3cd2eaa32e51f55a

  • SSDEEP

    12288:JP3hrZ98Cb2Ff0wLXidDNhtnBJzIxaRK3OdhaivMAd:JP3hD8Cb2Ff0OkDRBJzuCK+3ZMAd

Score
10/10
cobaltstrike0100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://106.14.201.1:443/push

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    106.14.201.1,/push

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpR/sl9WIVi5K4RIEeSURjnR0Z7VU7NP/Hd3hZ+u8EjNhERGIpQeEELHtE0oE28DuiurLrVNfl07MeAl5fUaJcsVi3OsyfYXmNi9zJQqBHhe+SFOmDxuDyz9czpTpxRgB+Ej+ETYWV6wTr39ji5VaZ/HgJYMsGxpXX/SGKTub2OwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)

  • watermark

    100000

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d9620b0e406b0aeefe45a987216ac455382d7be45722ea001cbcd773b7904bb.exe
    "C:\Users\Admin\AppData\Local\Temp\7d9620b0e406b0aeefe45a987216ac455382d7be45722ea001cbcd773b7904bb.exe"
    1⤵
      PID:2984

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2984-0-0x0000000001EF0000-0x0000000001F31000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2984-1-0x0000000001F40000-0x0000000001F8F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/2984-2-0x000000013F290000-0x000000013F341000-memory.dmp
      Filesize

      708KB

      Download
    • memory/2984-3-0x0000000001F40000-0x0000000001F8F000-memory.dmp
      Filesize

      316KB

      Download