Overview

overview

10

Static

static

10

ea46687b42...43.exe

windows7-x64

10

ea46687b42...43.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea46687b4243887205e42c532fb145d1399af28dd885dc05356b2dddf5a80943

  • Size

    20KB

  • Sample

    240419-mk2thahe9z

  • MD5

    9e587a3c3df3acb8c55953b986e5526d

  • SHA1

    b6234b96260a438c504b5b37a1f23e014f81f189

  • SHA256

    ea46687b4243887205e42c532fb145d1399af28dd885dc05356b2dddf5a80943

  • SHA512

    ea1e3d251634b6f78d3790ba4e7772e8a994ef5652cfb66a0ae252e040347dc2fe1d24341121db4801ea98396bec77e42356f160d096ad7e21b84f416bd31d5d

  • SSDEEP

    384:6GQhdJgfx2BVrAf1YuAEEwEv/NmUqB/hJ6wkWHBLGOZx53tnBr:J6+eB/UT/hJ6wtMuH3dBr

Score
10/10
cobaltstrikebackdoorspywarestealertrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.183.137:443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4044.34 Safari/537.36 Edg/

Targets

    • Target

      ea46687b4243887205e42c532fb145d1399af28dd885dc05356b2dddf5a80943

    • Size

      20KB

    • MD5

      9e587a3c3df3acb8c55953b986e5526d

    • SHA1

      b6234b96260a438c504b5b37a1f23e014f81f189

    • SHA256

      ea46687b4243887205e42c532fb145d1399af28dd885dc05356b2dddf5a80943

    • SHA512

      ea1e3d251634b6f78d3790ba4e7772e8a994ef5652cfb66a0ae252e040347dc2fe1d24341121db4801ea98396bec77e42356f160d096ad7e21b84f416bd31d5d

    • SSDEEP

      384:6GQhdJgfx2BVrAf1YuAEEwEv/NmUqB/hJ6wkWHBLGOZx53tnBr:J6+eB/UT/hJ6wtMuH3dBr

    Score
    10/10
    cobaltstrikebackdoorspywarestealertrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks