Overview

overview

10

Static

static

3

检查工具.exe

windows7-x64

1

检查工具.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    检查工具.exe

  • Size

    3.4MB

  • MD5

    bcda35e32b5318b0253a30d5c6ff39e5

  • SHA1

    38d222421dd5385dd11ece5c40f54ea858e2a6cc

  • SHA256

    8a24deded9d9a36430a74d4170fdc3359882a19f43987f5ca991b098b7ceffd2

  • SHA512

    9b40d4450692625c60376cd234fd674c1c5e560eba817b4257ca21f0ce886a08ebfdf4ca46d054b67d5a8414ff6f5e5f3940e5404f983f5df07f77391fee1ee6

  • SSDEEP

    49152:huXzqPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBabceJBJJsx:2xmq5trnG9N96LJxiG9JBJJsx

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.136.112.94:443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.130 Safari/537.36

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\检查工具.exe
    "C:\Users\Admin\AppData\Local\Temp\检查工具.exe"
    1⤵
      PID:1756

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1756-0-0x0000000000020000-0x0000000000021000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1756-1-0x00007FFA8BD40000-0x00007FFA8BDFE000-memory.dmp
      Filesize

      760KB

      Download