Overview

overview

10

Static

static

3

2024-09-15...ch.exe

windows7-x64

1

2024-09-15...ch.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-15_3b0eb24ab244847780558e114003a54e_snatch.exe

  • Size

    2.1MB

  • MD5

    3b0eb24ab244847780558e114003a54e

  • SHA1

    9e7c69aeb158dc1371b3ddaaf49260dd2ea8bffb

  • SHA256

    2b5c7f35ea2a8c8ac3a35937dcaba3584d3cd664a615f9693ee39b06fdc683f0

  • SHA512

    f8561b1459f8e76cad5606d3d895ee99695ceba8d7a4477edfc03aa8edc1cf26f6aea3463a40993344ab3ddb20e7d5adf61696da0d16ead9bb69cd182c3f4375

  • SSDEEP

    24576:SpQgyZYgCGpS77IG4qg8K/EIKRfIVjyD+VA9udZgbIkzMc2QKj4J9IO6guqiDwod:MRGY77IGjLKDKKjfqRJzFiDwogi4Wbv

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://150.158.38.230:443/api/getit

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    150.158.38.230,/api/getit

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    3000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAj9BzUCjiBqUkilBIewA+ORYUNwu/T2OMyKBpQkHAAoP0p1exLa71ScIz+xD6juCG5l8lgx2am1Sty4ri3fBsXIxZ2aDKyaXy5CMTeCESqYcGpO8zn0nn0MzLb2271Ul1PD4ZnPka3saPjp1OjZ4qgiiDu9QG0BgcDvEIeRpkOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/postit

  • user_agent

    Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

  • watermark

    100000

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-15_3b0eb24ab244847780558e114003a54e_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-15_3b0eb24ab244847780558e114003a54e_snatch.exe"
    1⤵
      PID:1480

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1480-0-0x0000013A51370000-0x0000013A513B1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1480-1-0x0000013A51BC0000-0x0000013A51C0F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/1480-2-0x0000013A51BC0000-0x0000013A51C0F000-memory.dmp

      Filesize

      316KB

      Download