Overview

overview

10

Static

static

3

1123.scr.exe

windows7-x64

10

1123.scr.exe

windows10-2004-x64

10

关于执�...��.exe

windows7-x64

1

关于执�...��.exe

windows10-2004-x64

10

阿里巴�...nc.exe

windows7-x64

1

阿里巴�...nc.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-05-2024 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1123.scr.exe

  • Size

    934KB

  • MD5

    12ba4d27185e65f3d612f4277a705800

  • SHA1

    703a75bf3008463d38b1c7d53d4861b0b26a3889

  • SHA256

    b0f47f32d463c9f25bf1a648bc9b2994bea016540aa6d70f31fc8267ebdb70da

  • SHA512

    63fcc14bbf6b676b7793c5cc982e063e46f84a709bbade86aa4072679442a3dfedfe60570caa98ee1335aaf28f593f57a5e1a5a2cc7cad9f70d11294036fdf7b

  • SSDEEP

    12288:oco/eGkp4gMc7NU6FsV3GNYRCMs5P6Bd3X3u:sPkxi66V2iO5P6Bd3X3

Score
10/10
cobaltstrike0100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://23.105.197.219:4433/en_US/all.js

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    23.105.197.219,/en_US/all.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    4433

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)

  • watermark

    100000

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\1123.scr.exe
    "C:\Users\Admin\AppData\Local\Temp\1123.scr.exe"
    1⤵
      PID:1920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1920-0-0x00000254A16D0000-0x00000254A16D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1920-1-0x00000254A1AA0000-0x00000254A1AE1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1920-3-0x00000254A1B10000-0x00000254A1B5F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/1920-2-0x00000254A1AA0000-0x00000254A1AE1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1920-4-0x00007FF6C45C0000-0x00007FF6C46B4000-memory.dmp

      Filesize

      976KB

      Download

    • memory/1920-6-0x00000254A1B10000-0x00000254A1B5F000-memory.dmp

      Filesize

      316KB

      Download