Overview

overview

10

Static

static

1

17a3a43965...9c.exe

windows7-x64

10

17a3a43965...9c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2023 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17a3a43965d837722d06da375c92c4d99598843b3a75ca46a3f15df6f4daa79c.exe

  • Size

    125KB

  • MD5

    528be2b89d45bfe4782b5c7a21ff3d10

  • SHA1

    f508d6033b97094a090f8eb5f3e1f5716b3fd2f6

  • SHA256

    17a3a43965d837722d06da375c92c4d99598843b3a75ca46a3f15df6f4daa79c

  • SHA512

    c09b22eeeab1c80ad62fdcb8d5f67e6f85c3413f0fddbb42d234a166b451d272f439a0d75708180d8f431c9c21740fb1d7fc91f2e7762536910a163660acba59

  • SSDEEP

    1536:2LWti/NwyOth893AAsnT+LNvF/P/v/P/v/grYol1FEOun8nwCMJkJwv:SNROH89wAcT+ZvWpH3+v

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com:443/assets/code-3d7b701fc6eb.css

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com,/assets/code-3d7b701fc6eb.css

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • polling_time

    5

  • port_number

    443

  • sc_process32

    %windir%\syswow64\esentutl.exe

  • sc_process64

    %windir%\sysnative\esentutl.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfep/TSilfG1bUUWvcuoPniqb1ayJJ7CxTyGLdwTWr1+F6B0SgCOmoP0B3HxpBSE7ZDMQlFpGFePb78MYiWM0Ubwtp8aFLt12xutCsDMHUlp/Ti739hMtPwnpSCjqamGEtwELvj02hojLWq6XAtPgEfum9U/yn4RxH0MS9cxOrzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.702512128e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /qiyi

  • user_agent

    Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

  • watermark

    100000

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\17a3a43965d837722d06da375c92c4d99598843b3a75ca46a3f15df6f4daa79c.exe
    "C:\Users\Admin\AppData\Local\Temp\17a3a43965d837722d06da375c92c4d99598843b3a75ca46a3f15df6f4daa79c.exe"
    1⤵
      PID:4124

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4124-1-0x000000C285C00000-0x000000C285D00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4124-2-0x0000025F4AA60000-0x0000025F4AAAF000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4124-3-0x0000025F4CC90000-0x0000025F4D090000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/4124-4-0x000000C285C00000-0x000000C285D00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4124-5-0x0000025F4CC90000-0x0000025F4D090000-memory.dmp

      Filesize

      4.0MB

      Download