Malware Analysis Report

2024-08-06 10:59

Sample ID 240429-avmq4sda36
Target 2024-04-29_310340b428920e3e69f14d2aa6124770_snatch
SHA256 0809998772b4599b9dc190b7a69d282c8c938992f12ddc6d25a3c04559872580
Tags
cobaltstrike 0 100000 backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0809998772b4599b9dc190b7a69d282c8c938992f12ddc6d25a3c04559872580

Threat Level: Known bad

The file 2024-04-29_310340b428920e3e69f14d2aa6124770_snatch was found to be: Known bad.

Malicious Activity Summary

cobaltstrike 0 100000 backdoor trojan

Cobaltstrike

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-29 00:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 00:32

Reported

2024-04-29 00:34

Platform

win7-20240220-en

Max time kernel

124s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe"

Network

Country Destination Domain Proto
DE 84.247.155.115:80 84.247.155.115 tcp
DE 84.247.155.115:80 84.247.155.115 tcp
DE 84.247.155.115:80 84.247.155.115 tcp
DE 84.247.155.115:80 84.247.155.115 tcp

Files

memory/2868-0-0x0000000000910000-0x0000000000911000-memory.dmp

memory/2868-1-0x0000000029A60000-0x0000000029E60000-memory.dmp

memory/2868-2-0x00000000288B0000-0x00000000288FF000-memory.dmp

memory/2868-3-0x00000000288B0000-0x00000000288FF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-29 00:32

Reported

2024-04-29 00:34

Platform

win10v2004-20240419-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_310340b428920e3e69f14d2aa6124770_snatch.exe"

Network

Country Destination Domain Proto
DE 84.247.155.115:80 tcp
US 8.8.8.8:53 g.bing.com udp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp
DE 84.247.155.115:80 tcp

Files

memory/5000-0-0x0000020534A30000-0x0000020534A31000-memory.dmp