Overview

overview

10

Static

static

3

13603ef6a7...26.exe

windows7-x64

10

13603ef6a7...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2023 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13603ef6a756617dbcd2ff2cf1ed64fee29a8ac7ae532c0f86eaf9c3af6c5626.exe

  • Size

    2.3MB

  • MD5

    207bf78dab6316ec3c8c50f55ebecca4

  • SHA1

    8ebe10ffe2508b2151489712ebd23acda8602546

  • SHA256

    13603ef6a756617dbcd2ff2cf1ed64fee29a8ac7ae532c0f86eaf9c3af6c5626

  • SHA512

    8daebe1f3dbdfc7b286700831f4232652095029ce34aec2224f7c04ab62c2a3d6c582361119b36f27ef1d026ecf7f35b1d592b7eb2c21a07b51304d41471560f

  • SSDEEP

    49152:LE9FuXYNoA3yqWK7rb/TkvO90d7HjmAFd4A64nsfJiiloENknqQCB5EmcVI4JW1S:A37W7nqzEmcVIn

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.71.215.112:8080/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\13603ef6a756617dbcd2ff2cf1ed64fee29a8ac7ae532c0f86eaf9c3af6c5626.exe
    "C:\Users\Admin\AppData\Local\Temp\13603ef6a756617dbcd2ff2cf1ed64fee29a8ac7ae532c0f86eaf9c3af6c5626.exe"
    1⤵
      PID:2428

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2428-0-0x0000000000740000-0x0000000000741000-memory.dmp

      Filesize

      4KB

      Download