Analysis

  • max time kernel
    95s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/09/2024, 17:59 UTC

General

  • Target

    20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe

  • Size

    5.0MB

  • MD5

    e9470b336e245a3fda067ae1a3d96898

  • SHA1

    a059f8efad896f14795bacce0d431c29036ae0ba

  • SHA256

    37dd2dd3dd42d467222b16e498ee4f78288c475387018ec2f012edff61489935

  • SHA512

    7d6b5e9658a2a3d1a61fae140ccd73aca288fc23db6438bb8ccb48fce1f4ee2ce154f8122cb3660ecfaac539730c02fe6c6b44efbd2c9dd703e89430d145f83e

  • SSDEEP

    49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnB:r56utgpPFotBER/mQ32lU/

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    "C:\Users\Admin\AppData\Local\Temp\20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1728

Network

  • DNS (flag: US): 209.205.72.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 209.205.72.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
  • DNS (flag: US): 71.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 71.31.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 71.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 71.31.126.40.in-addr.arpa IN PTR
  • DNS (flag: US): 95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 97.17.167.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 97.17.167.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): s3.us-east-2.amazonaws.com
    Process: 20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    Remote address: 8.8.8.8:53
    Request: s3.us-east-2.amazonaws.com IN A
    Response: s3.us-east-2.amazonaws.com IN A 52.219.80.91, 52.219.94.65, 52.219.107.41, 3.5.131.125, 52.219.228.161, 3.5.128.140, 52.219.178.57, 52.219.110.145
  • DNS (flag: US): s3.us-east-2.amazonaws.com
    Process: 20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    Remote address: 8.8.8.8:53
    Request: s3.us-east-2.amazonaws.com IN A
  • DNS (flag: US): s3.us-east-2.amazonaws.com
    Process: 20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    Remote address: 8.8.8.8:53
    Request: s3.us-east-2.amazonaws.com IN A
  • DNS (flag: US): 91.80.219.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 91.80.219.52.in-addr.arpa IN PTR
    Response: 91.80.219.52.in-addr.arpa IN PTR s3 us-east-2 amazonawscom
  • DNS (flag: US): 91.80.219.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 91.80.219.52.in-addr.arpa IN PTR
  • DNS (flag: US): 217.106.137.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 217.106.137.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 107.39.156.108.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 107.39.156.108.in-addr.arpa IN PTR
    Response: 107.39.156.108.in-addr.arpa IN PTR server-108-156-39-107lhr50r cloudfrontnet
  • DNS (flag: US): 196.249.167.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 196.249.167.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 86.23.85.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 86.23.85.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 56.126.166.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 56.126.166.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (flag: US): 0.205.248.87.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 0.205.248.87.in-addr.arpa IN PTR
    Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0lgwllnwnet
  • DNS (flag: US): 29.243.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 29.243.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • 52.219.80.91:443
    s3.us-east-2.amazonaws.com
    tls
    20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    1.8kB
    7.9kB
    20
    19
  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    146 B
    144 B
    2
    1

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    71.31.126.40.in-addr.arpa

    DNS Request

    71.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    s3.us-east-2.amazonaws.com
    dns
    20240913e9470b336e245a3fda067ae1a3d96898cobaltstrikecobaltstrikepoetratsnatch.exe
    216 B
    200 B
    3
    1

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Response

    52.219.80.91
    52.219.94.65
    52.219.107.41
    3.5.131.125
    52.219.228.161
    3.5.128.140
    52.219.178.57
    52.219.110.145

  • 8.8.8.8:53
    91.80.219.52.in-addr.arpa
    dns
    142 B
    111 B
    2
    1

    DNS Request

    91.80.219.52.in-addr.arpa

    DNS Request

    91.80.219.52.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    107.39.156.108.in-addr.arpa
    dns
    73 B
    131 B
    1
    1

    DNS Request

    107.39.156.108.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15
