Malware Analysis Report

2024-08-06 07:56

Sample ID 231114-efn3vagh73
Target cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4
SHA256 cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4
Tags
cobaltstrike 1359593325 backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4

Threat Level: Known bad

The file cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4 was found to be: Known bad.

Malicious Activity Summary

cobaltstrike 1359593325 backdoor trojan

Cobaltstrike

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-11-14 03:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-14 03:53

Reported

2023-11-14 03:55

Platform

win10v2004-20231023-en

Max time kernel

141s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe

"C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 122.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 138.175.53.84.in-addr.arpa udp
DE 160.20.147.36:80 160.20.147.36 tcp
US 8.8.8.8:53 36.147.20.160.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
DE 160.20.147.36:80 160.20.147.36 tcp
US 8.8.8.8:53 214.80.50.20.in-addr.arpa udp

Files

memory/772-0-0x0000000000400000-0x000000000046F000-memory.dmp

memory/772-3-0x0000000000400000-0x000000000046F000-memory.dmp

memory/772-2-0x00000000005C0000-0x00000000005C7000-memory.dmp

memory/772-4-0x0000000000AF0000-0x0000000000B23000-memory.dmp

memory/772-5-0x0000000002640000-0x000000000267D000-memory.dmp

memory/772-6-0x0000000000400000-0x000000000046F000-memory.dmp

memory/772-7-0x0000000074BA0000-0x0000000074C0A000-memory.dmp

memory/772-10-0x00000000005C0000-0x00000000005C7000-memory.dmp

memory/772-13-0x0000000002640000-0x000000000267D000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-14 03:53

Reported

2023-11-14 03:55

Platform

win7-20231023-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe

"C:\Users\Admin\AppData\Local\Temp\cd44d3c3a70678195484efa7715cc1e3fe8361d46e6a550c1afe44fb2b35f0a4.exe"

Network

Country Destination Domain Proto
DE 160.20.147.36:80 160.20.147.36 tcp
DE 160.20.147.36:80 160.20.147.36 tcp
DE 160.20.147.36:80 160.20.147.36 tcp

Files

memory/2136-1-0x0000000000400000-0x000000000046F000-memory.dmp

memory/2136-3-0x0000000000400000-0x000000000046F000-memory.dmp

memory/2136-0-0x0000000000290000-0x0000000000297000-memory.dmp

memory/2136-4-0x0000000000300000-0x0000000000333000-memory.dmp

memory/2136-5-0x00000000003B0000-0x00000000003ED000-memory.dmp

memory/2136-6-0x0000000000400000-0x000000000046F000-memory.dmp

memory/2136-7-0x0000000075080000-0x00000000750CE000-memory.dmp

memory/2136-10-0x0000000000290000-0x0000000000297000-memory.dmp

memory/2136-13-0x00000000003B0000-0x00000000003ED000-memory.dmp