Overview

overview

10

Static

static

3

STUN.exe

windows7-x64

10

STUN.exe

windows10-2004-x64

10

Resubmissions

02-10-2023 13:17

231002-qjh7jsba7z 10

02-10-2023 13:03

231002-qarsbsce88 10

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2023 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    STUN.exe

  • Size

    633KB

  • MD5

    7efd3c231c6d7613c8fd43c8db4fedd1

  • SHA1

    407e7c91fbfa9b8e83cf377bb78ac63e6258bc60

  • SHA256

    f1237e97949054e65fda58c114d87b78365f1c144afcb66c80d2e12afce5ccf5

  • SHA512

    8bd52171770606c4ad56d946733dc85fbf7e2a47bedf40a0565136a8af1616af722814a908aff0a8e352fc412b826cd9f513947a0c5862fcdf75df1623602fb1

  • SSDEEP

    12288:lBr2SeCp+maN8ab6nWL3EiBXntVvmbzvYFhlowf:lQSeCp+maN8aOcfBXaXvYFhlowf

Score
10/10
cobaltstrike2054703013backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

2054703013

Attributes
  • beacon_type

    512

  • http_header1

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • pipe_name

    \\.\pipe\ShellEx_16293

  • polling_time

    10000

  • port_number

    4444

  • sc_process32

    C:\Program Files\Internet Explorer\iexplore.exe

  • sc_process64

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFwRSKy+wJdUGoi4KzpzMgx9ZqYYu8f3UnX2Q3zqpf5IDomyPoPeaBKNjibKz4/7yn3tlCbKmPvFnKFbxq14KWM5sgVo6c0skgU77y1tzpA3MG4opi5B4wPqW87qRaetcedUY8Sx1zpBHVTBWvc5rCgdckdpO73khs8UjBuMHCWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    5.47428096e+08

  • unknown2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • watermark

    2054703013

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\STUN.exe
    "C:\Users\Admin\AppData\Local\Temp\STUN.exe"
    1⤵
      PID:2448

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2448-0-0x000000013F670000-0x000000013F70A000-memory.dmp

      Filesize

      616KB

      Download

    • memory/2448-1-0x0000000001CC0000-0x0000000001F7B000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2448-2-0x0000000000100000-0x0000000000102000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2448-3-0x000000013F670000-0x000000013F70A000-memory.dmp

      Filesize

      616KB

      Download