Overview

overview

10

Static

static

3

bd959353bc...62.exe

windows7-x64

10

bd959353bc...62.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962.exe

  • Size

    364KB

  • MD5

    03e48c514673b6a6fab2659b7754d779

  • SHA1

    9a7a1db62588f0da12bdbbe8f7e6775b15409a05

  • SHA256

    bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962

  • SHA512

    8952e4a5365a5b79e9e12bb362efa11fd1f03ff3b3ac32755320e9c2f56f55f67aec95c9d9adba1c75c3afb84b9d8d4c59a85c76dcfca82290a3abcd5aa2d1e1

  • SSDEEP

    6144:sQYv9PCF0Pz6HeAGQjy3YfIh0dVix3fzmcnCzxzW7+6esAN:srsG7bUIOObmjzr6x6

Score
10/10
cobaltstrike426352781backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://pypi.python.org:443/latest/pip-check

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    pypi.python.org,/latest/pip-check

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5weXRob24ub3JnLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAdfX3V0bXo9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5weXRob24ub3JnLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAGX191dG16AAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • polling_time

    1000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmV0fCtMxIXtGF3+FyYKSiU1yVjtm3FlG6Mej3iMRBgSTd45Sa41JLXaoOjKxePWNN4wyUUInzIPEYA6fdx4N/+zwru33xzNAdipcbN3RLZg8v3s8Zu6vVXoj7apcBJy2ObQsYhoYAialaTKe4dWOVnbUJK46Ve8gDPeudH52IRQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.733629184e+09

  • unknown2

    AAAABAAAAAEAAAACAAAAAgAAAAoAAAACAAAAAAAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /latest/check

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36

  • watermark

    426352781

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962.exe
    "C:\Users\Admin\AppData\Local\Temp\bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962.exe"
    1⤵
      PID:2948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
      Filesize

      867B

      MD5

      c5dfb849ca051355ee2dba1ac33eb028

      SHA1

      d69b561148f01c77c54578c10926df5b856976ad

      SHA256

      cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

      SHA512

      88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      c99e2e7ee988ebcf193e183553a67d00

      SHA1

      6456d81d9566cd80098c34ea1db410045ba55beb

      SHA256

      87405b0b913f6f8cc9ff9497c09b7063fa5705843ab2f928fbc9e97f24684dfc

      SHA512

      228396586c912cd054876633bc08302ba95d7c900c0179115b1e320f283d65ce69129a1ef2aeacbdc30528fe237402ee4d1cb993797c362b3045ae1c388501a0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
      Filesize

      242B

      MD5

      0f613f164297c5fb80df63ea1c8bf43f

      SHA1

      455e4b4b2fff8cfac09ca9e8836b94e62c392d5b

      SHA256

      16238d03dcdeb65986e1b3163ced72dabac5f073b20605387ece2d320fcaa8fb

      SHA512

      83449aa1c11c62ded1496549457be78faa0a1088b04124c2aa78427f2bb9dc428dac115327483e81466ca0e5f81712278197b190742659300d54583505193764

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar62BE.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2948-0-0x0000000000400000-0x0000000000463000-memory.dmp
      Filesize

      396KB

      Download
    • memory/2948-9-0x00000000027A0000-0x00000000027EE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/2948-8-0x0000000003460000-0x00000000034E0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2948-7-0x0000000003460000-0x00000000034E0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2948-1-0x0000000000400000-0x0000000000463000-memory.dmp
      Filesize

      396KB

      Download
    • memory/2948-368-0x0000000000400000-0x0000000000463000-memory.dmp
      Filesize

      396KB

      Download
    • memory/2948-1296-0x00000000027A0000-0x00000000027EE000-memory.dmp
      Filesize

      312KB

      Download