Overview

overview

10

Static

static

10

272eb8156a...64.exe

windows7-x64

10

272eb8156a...64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09-09-2024 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    272eb8156a15ada59b8b067c5b902d3943ca7d6920d3b3367b9ca0df1e237664.exe

  • Size

    51KB

  • MD5

    396b0d6eb8c084b498c47837c8b34bb6

  • SHA1

    ccc014348c36e2d21b766c0ef6ec1f7482bbddc1

  • SHA256

    272eb8156a15ada59b8b067c5b902d3943ca7d6920d3b3367b9ca0df1e237664

  • SHA512

    da0dd9579da5b98b00e2f5c5b1de7cfabdea9e7f2f6ee78111955eec2ef1a9374359071b2b5bd6c879af37fc7d169955279706deccf05fcd431dce4d971fed7c

  • SSDEEP

    768:074wdD0GZfz2tto0wn54wVz7hJYSxDDo:0FaGZfzUS0S54Az7hJYy

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://38.60.249.64:443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\272eb8156a15ada59b8b067c5b902d3943ca7d6920d3b3367b9ca0df1e237664.exe
    "C:\Users\Admin\AppData\Local\Temp\272eb8156a15ada59b8b067c5b902d3943ca7d6920d3b3367b9ca0df1e237664.exe"
    1⤵
      PID:1308

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1308-0-0x0000000000FA0000-0x0000000000FC2000-memory.dmp

      Filesize

      136KB

      Download