Overview

overview

10

Static

static

3

2024082419...ch.exe

windows7-x64

10

2024082419...ch.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 10:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024082419f82094f857e3b4ff32c0ee2fd78300poetratsnatch.exe

  • Size

    4.6MB

  • MD5

    19f82094f857e3b4ff32c0ee2fd78300

  • SHA1

    d559279dfa7d41f98e9e1f938e06ed3568e14ef4

  • SHA256

    bd8a345af42cf6a3bfaaba20e9801733569a2272f188717830f1900c8eeaf927

  • SHA512

    91c342e538b3a7f49c88894df4e41538fca69e058d784bc42ac9896cc0132ca1888048a7a89f0fe3d1d880b8f62ae6a37f0a1fbe72bd53f1d9b793ef3c2e1cda

  • SSDEEP

    49152:PdayJ0zV9GZ2MaoYvIaN72LTE05EE31vNCfnOs+5hNT:lHJ0ztPAaNSsGEEKfb+L

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.139.105.148:7879/1mIv

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024082419f82094f857e3b4ff32c0ee2fd78300poetratsnatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024082419f82094f857e3b4ff32c0ee2fd78300poetratsnatch.exe"
    1⤵
      PID:3056

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3056-0-0x0000000048570000-0x0000000048571000-memory.dmp

            Filesize

            4KB

            Download