Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
09-06-2024 04:33
Static task
static1
Behavioral task
behavioral1
Sample
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
Resource
win10v2004-20240226-en
General
-
Target
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
-
Size
19KB
-
MD5
19d43eab85bbe89c2ee6e22b665c148e
-
SHA1
816cacf869b836e8d63452f7a7351638eb891c7c
-
SHA256
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85
-
SHA512
0133abed10d0d8ca6488f5fbaa499c7f4769cd1bc31a6fd25f7938e825620dca7d4a3fd8466b4be4be50d214cd59e7ec26dfe906a743376420ee73521408b433
-
SSDEEP
192:zV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2SY/f2iWF8qa1Dojjgi:dqaCF31cix+Dc4zjRY/fWFF46gi
Malware Config
Extracted
cobaltstrike
http://192.168.35.53:8080/zAKW
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.