Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
29-04-2024 01:02
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe
Resource
win10v2004-20240419-en
General
-
Target
2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe
-
Size
3.2MB
-
MD5
cfdbd859caec4b8c104891b01774f03d
-
SHA1
fd8d40a49381802768a97ed1c8878f9bf0081e75
-
SHA256
49df6def611e513790864671948bf39e64267ed173ad50ec3adecec27a7b83c0
-
SHA512
59210e7afa802297ceadab2d18047caaa721ada8e1a92b8cd5411d71cf9fc64218e49160ffa28a3c0415c474560d08c11dc2d2886cca0a24d1e6a23689de6fef
-
SSDEEP
49152:ZIxI3RRvdrb/T0vO90dL3BmAFd4A64nsfJ/1jrnigvQwzq8lcMD19d41wifjdMWi:j3bjrmw2Id0FM2PcdN
Malware Config
Extracted
cobaltstrike
http://84.247.155.115:80/bU2t
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1468-0-0x00000169B88B0000-0x00000169B88B1000-memory.dmp
Filesize
4KB