Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
24/02/2024, 12:38
Static task
static1
Behavioral task
behavioral1
Sample
497a5960da599d964bfc71410077814b5582cfb10e1a9443a10e432464b2fcc1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
497a5960da599d964bfc71410077814b5582cfb10e1a9443a10e432464b2fcc1.exe
Resource
win10v2004-20240221-en
General
-
Target
497a5960da599d964bfc71410077814b5582cfb10e1a9443a10e432464b2fcc1.exe
-
Size
1.5MB
-
MD5
bb8c8fbcba7a1d2e8d5d0bf230482de4
-
SHA1
859e912eddee12ab4ec4f57b65ee06938e04f3a8
-
SHA256
497a5960da599d964bfc71410077814b5582cfb10e1a9443a10e432464b2fcc1
-
SHA512
47547d50836787349f0a6fadebf0ae4cee9e0b3ce9d8ddcfa2b89f6c81e85d8464f9c68b80e550ab4a865c97e45f81da9143848eab0b50aaddd4d6f65c3392a8
-
SSDEEP
24576:/+OL3IpG0xi+NZIVF5hNlqktbflnuEJLJpN197H:XDIpG6fWhSibpJpX97
Malware Config
Extracted
cobaltstrike
http://192.168.137.3:80/frCB
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.