Analysis Overview

score

10^/10

SHA256

49df6def611e513790864671948bf39e64267ed173ad50ec3adecec27a7b83c0

Threat Level: Known bad

The file 2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch was found to be: Known bad.

Malicious Activity Summary

cobaltstrike 0 100000 backdoor trojan

Cobaltstrike

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-29 01:02

Signatures

Unsigned PE

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 01:02

Reported

2024-04-29 01:04

Platform

win7-20240221-en

Max time kernel

124s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe"

Network

Country	Destination	Domain	Proto
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp
DE	84.247.155.115:80	84.247.155.115	tcp

Files

memory/2864-0-0x00000000021B0000-0x00000000021B1000-memory.dmp

memory/2864-1-0x0000000029910000-0x0000000029D10000-memory.dmp

memory/2864-2-0x0000000028650000-0x000000002869F000-memory.dmp

memory/2864-3-0x0000000028650000-0x000000002869F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-29 01:02

Reported

2024-04-29 01:04

Platform

win10v2004-20240419-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe"

Signatures

Cobaltstrike

trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch.exe"

Network

Country	Destination	Domain	Proto
DE	84.247.155.115:80		tcp
US	8.8.8.8:53	g.bing.com	udp
DE	84.247.155.115:80		tcp
US	8.8.8.8:53	g.bing.com	udp
DE	84.247.155.115:80		tcp
DE	84.247.155.115:80		tcp
DE	84.247.155.115:80		tcp
DE	84.247.155.115:80		tcp
DE	84.247.155.115:80		tcp
DE	84.247.155.115:80		tcp

Files

memory/1468-0-0x00000169B88B0000-0x00000169B88B1000-memory.dmp

Sample ID	240429-bdxenadh7y
Target	2024-04-29_cfdbd859caec4b8c104891b01774f03d_snatch
SHA256	49df6def611e513790864671948bf39e64267ed173ad50ec3adecec27a7b83c0
Tags	cobaltstrike 0 100000 backdoor trojan

Malware Analysis Report

2024-08-06 10:59

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files