Overview

overview

10

Static

static

3

41c5264493...81.exe

windows7-x64

10

41c5264493...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41c5264493cb5ac580c53d20dbb62481.exe

  • Size

    50KB

  • MD5

    41c5264493cb5ac580c53d20dbb62481

  • SHA1

    d25df7b9ba176d59c1606a7b9ff4ec21eb6252ea

  • SHA256

    b00a0bfeb69d9d8cbb0a4f3ee980bfa23bf5f7eab3a23b14bc4fdc18fa135e9c

  • SHA512

    c1b108978f638e02a8998f027761f605154bb15874616173051f991dac28bcaac2f9f9ce513660a7bf50495f0ff259d44e74d7702903906c76b8c407e66763df

  • SSDEEP

    768:SXhcFT0i46+LBIhJ/zhMcBLIuF6IxnCx26GUOVmVl2rlaXYXKBUMNBvHcyQtWLV:MiA/6+LUTfmuUx26ys2x+Y+9UWLV

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.10.136:8080/KoVM

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM)

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\41c5264493cb5ac580c53d20dbb62481.exe
    "C:\Users\Admin\AppData\Local\Temp\41c5264493cb5ac580c53d20dbb62481.exe"
    1⤵
      PID:4012

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4012-0-0x0000000000DC0000-0x0000000000DD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4012-1-0x0000000002F30000-0x0000000002F46000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4012-2-0x0000000003060000-0x0000000003066000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4012-4-0x00007FFD78F10000-0x00007FFD799D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4012-3-0x0000000003070000-0x0000000003071000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4012-5-0x000000001B950000-0x000000001B960000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4012-6-0x00007FFD78F10000-0x00007FFD799D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4012-7-0x000000001B950000-0x000000001B960000-memory.dmp

      Filesize

      64KB

      Download