Analysis Overview

score

10^/10

SHA256

f6a9d7c61651a9c0d8fcf08c1ecc74858b199aa3d9e87b51117a57cbfed194b8

Threat Level: Known bad

The file 2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch was found to be: Known bad.

Malicious Activity Summary

cobaltstrike 0 100000 backdoor trojan

Cobaltstrike

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-29 00:25

Signatures

Unsigned PE

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 00:25

Reported

2024-04-29 00:27

Platform

win7-20240221-en

Max time kernel

127s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe"

Network

Country	Destination	Domain	Proto
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp

Files

memory/2008-0-0x0000000002060000-0x0000000002061000-memory.dmp

memory/2008-1-0x0000000029870000-0x0000000029C70000-memory.dmp

memory/2008-2-0x00000000282D0000-0x000000002831F000-memory.dmp

memory/2008-3-0x00000000282D0000-0x000000002831F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-29 00:25

Reported

2024-04-29 00:27

Platform

win10v2004-20240426-en

Max time kernel

123s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch.exe"

Network

Country	Destination	Domain	Proto
DE	84.247.155.115:80	84.247.155.115	tcp
US	8.8.8.8:53	g.bing.com	udp
US	204.79.197.237:443	g.bing.com	tcp
NL	23.62.61.97:443	www.bing.com	tcp
US	8.8.8.8:53	8.8.8.8.in-addr.arpa	udp
US	8.8.8.8:53	115.155.247.84.in-addr.arpa	udp
US	8.8.8.8:53	69.31.126.40.in-addr.arpa	udp
NL	23.62.61.97:443	www.bing.com	tcp
DE	84.247.155.115:80	84.247.155.115	tcp
US	8.8.8.8:53	237.197.79.204.in-addr.arpa	udp
US	8.8.8.8:53	133.190.18.2.in-addr.arpa	udp
US	8.8.8.8:53	97.61.62.23.in-addr.arpa	udp
US	8.8.8.8:53	26.35.223.20.in-addr.arpa	udp
US	8.8.8.8:53	183.59.114.20.in-addr.arpa	udp
US	8.8.8.8:53	15.164.165.52.in-addr.arpa	udp
US	8.8.8.8:53	163.143.109.104.in-addr.arpa	udp
DE	84.247.155.115:80	84.247.155.115	tcp
US	8.8.8.8:53	134.190.18.2.in-addr.arpa	udp
DE	84.247.155.115:80	84.247.155.115	tcp

Files

memory/1952-0-0x0000020F42560000-0x0000020F42561000-memory.dmp

memory/1952-1-0x0000020F44110000-0x0000020F44510000-memory.dmp

memory/1952-2-0x0000020F44510000-0x0000020F4455F000-memory.dmp

memory/1952-3-0x0000020F44510000-0x0000020F4455F000-memory.dmp

Sample ID	240429-aqly1sdb6t
Target	2024-04-29_01c102e648da964c3e92c34ca1d68c7d_snatch
SHA256	f6a9d7c61651a9c0d8fcf08c1ecc74858b199aa3d9e87b51117a57cbfed194b8
Tags	cobaltstrike 0 100000 backdoor trojan

Malware Analysis Report

2024-08-06 10:59

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files