Overview

overview

10

Static

static

3

41644ece96...bb.exe

windows7-x64

1

41644ece96...bb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41644ece96af2c710a353ce39a500929a87b96182e2d0e0cf0bde6fc27f554bb.exe

  • Size

    229KB

  • Sample

    240519-kg751aag52

  • MD5

    1ebed34934afd950c8861ecc0a65f866

  • SHA1

    d5e4f3762932a6a388b4eb35c70a0333f21165ea

  • SHA256

    41644ece96af2c710a353ce39a500929a87b96182e2d0e0cf0bde6fc27f554bb

  • SHA512

    bb8654d2eb362c8b4e0759eced1fb611dcbebf4ef5d47f279c2fb28f7a9b77e71f7f07514b9c32e06b6bb2bc22a0cd69453d8940352915597fa91395394acb43

  • SSDEEP

    6144:rUl132+IcwwtyRfeBgx5uU0jbV555555550:IlbyfeBgzUbq

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://update.windowsupdate.com.cdn.dnsv1.com:443/FPMz

Attributes
  • user_agent

    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 Host: update.windowsupdate.com

Targets

    • Target

      41644ece96af2c710a353ce39a500929a87b96182e2d0e0cf0bde6fc27f554bb.exe

    • Size

      229KB

    • MD5

      1ebed34934afd950c8861ecc0a65f866

    • SHA1

      d5e4f3762932a6a388b4eb35c70a0333f21165ea

    • SHA256

      41644ece96af2c710a353ce39a500929a87b96182e2d0e0cf0bde6fc27f554bb

    • SHA512

      bb8654d2eb362c8b4e0759eced1fb611dcbebf4ef5d47f279c2fb28f7a9b77e71f7f07514b9c32e06b6bb2bc22a0cd69453d8940352915597fa91395394acb43

    • SSDEEP

      6144:rUl132+IcwwtyRfeBgx5uU0jbV555555550:IlbyfeBgzUbq

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks