Overview

overview

10

Static

static

3

2024-09-05...ch.exe

windows7-x64

10

2024-09-05...ch.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/09/2024, 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-05_46de438a7b46eca1797472f218117f1c_snatch.exe

  • Size

    4.2MB

  • MD5

    46de438a7b46eca1797472f218117f1c

  • SHA1

    c139c8df386b61c6502d910f7106f6d3946faa70

  • SHA256

    30b5928fcb32d3441d0aa2ba2d8d6c701cddd61d4bef06bb92751dfa35779a09

  • SHA512

    dba6cce96d0009f7cf74addf90b15637c0a36e86803040fdc0639467ff58e219e665a65373f4ddb1c757ab548681e51cb0d7b0396742f1b940597d3903b93045

  • SSDEEP

    49152:2h1u9UL3By9dirb/TgvO90d7HjmAFd4A64nsfJLewt+uzuC45E3gTJsUf8eu/Jyj:0B3U9dcPwEo0rIZMYk59

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.71.163.115:4043/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-05_46de438a7b46eca1797472f218117f1c_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-05_46de438a7b46eca1797472f218117f1c_snatch.exe"
    1⤵
      PID:2684

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2684-0-0x0000000000910000-0x0000000000911000-memory.dmp

      Filesize

      4KB

      Download