Overview

overview

10

Static

static

3

artifact_x64.exe

windows7-x64

10

artifact_x64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/09/2024, 09:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    artifact_x64.exe

  • Size

    19KB

  • MD5

    545ec1b3b6d648e9fdf9c08fc8e84a78

  • SHA1

    6188ecf7c3881938ed3d3276fc0f3b3415f8b9d2

  • SHA256

    835f477464eac132d3853bb9fc9269f540ba9542f2cdbaa1c180a49cd1f5c3ac

  • SHA512

    a8047d17b155bb6ab926a93da11676e401d6eab1a6e8b59bd39b395cad99a782af6031e9b59e4d7659e5934fd54fe392c177b90a165d94b53913e99d164b8d9d

  • SSDEEP

    192:rV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2f6IRtWF8qa1Dojjgi:FqaCF31cix+Dc4zjrFF46gi

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://6.tcp.eu.ngrok.io:17148/X2mf

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\artifact_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\artifact_x64.exe"
    1⤵
      PID:556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/556-0-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/556-3-0x0000000003BE0000-0x0000000003FE0000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/556-4-0x0000000003FE0000-0x0000000004038000-memory.dmp

      Filesize

      352KB

      Download

    • memory/556-5-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download