Overview

overview

10

Static

static

10

Clipper.exe

windows7-x64

10

Clipper.exe

windows10-2004-x64

10

Miner.exe

windows7-x64

10

Miner.exe

windows10-2004-x64

10

Rat.exe

windows7-x64

10

Rat.exe

windows10-2004-x64

10

Stealer.exe

windows7-x64

10

Stealer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rat.exe

  • Size

    281KB

  • MD5

    f8c994f9200f4155e881ab90ab1598a7

  • SHA1

    608211dd3ce29cd93bb85aceae5753668cedaa97

  • SHA256

    7b32248b74221a7079688ad6b857505a22f9de5d0f78100112816918636de0dd

  • SHA512

    0e5ff8950f3d17d416e0b4929ad2e1a3449c36ff20e344ecaa60566755f0513a1fe64b1c3bc49ed5178a5793d6e853a0c34cf5735f9dbc73af1e71cb886430e4

  • SSDEEP

    6144:xC6hRwvyDGFJ7AuEDjATIKqWk7e7HqV6TI9X+kGnvFo0e:xRwvyUJ79EDjAcKVqVikGnO0

Score
10/10
cobaltstrike0backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://45.66.230.113:120/match

Attributes
  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rat.exe
    "C:\Users\Admin\AppData\Local\Temp\Rat.exe"
    1⤵
      PID:1196

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1196-1-0x00000000004A0000-0x00000000004EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-0-0x0000000000450000-0x0000000000491000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1196-2-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-3-0x00000000004A0000-0x00000000004EE000-memory.dmp

      Filesize

      312KB

      Download