Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
24/02/2024, 11:33
Behavioral task
behavioral1
Sample
5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2.exe
Resource
win10v2004-20240221-en
General
-
Target
5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2.exe
-
Size
1.3MB
-
MD5
ec5f7dabb132566a5fb6eea491954f56
-
SHA1
127645770319649a56f5e82502226876e1f9db19
-
SHA256
5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2
-
SHA512
72e3432e9e857773b1160cd96e59e17e8596b501fcd6f657f6544548d13cb0d9d2cde954cd83fac85379af35ca7ae5c4600486d76d6b70ee578a98d123af3bfa
-
SSDEEP
24576:V/AxGXeC21+NZIQWrt6AoVg7yB0VyOJ+fUTRVDqntU5Rsly:qieCbf+VjpRVD9Rs
Malware Config
Extracted
cobaltstrike
http://192.168.137.3:80/frCB
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.