Overview

overview

10

Static

static

3

3c6e864448...2d.exe

windows7-x64

10

3c6e864448...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2024 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c6e8644487a39b9ebd01cb746f82a688a787cfe07acefe1454c75fb3d78492d.exe

  • Size

    13KB

  • MD5

    eabdb8a9d286679e5199b3d78724d03d

  • SHA1

    7c455aface5ff2d48a3ae68de10d3f13482ce52c

  • SHA256

    3c6e8644487a39b9ebd01cb746f82a688a787cfe07acefe1454c75fb3d78492d

  • SHA512

    fc1788d85944b857fa993b02bbdffec73d9ce4fd2d764fbfe0ea5d5de5baa37251ef4146179d4bb509b97fae5657b03aad485f703fbdb9cc90069ab6fbee8835

  • SSDEEP

    192:Qju12ci2ObYbtedXByXY76mg4OiAsAVi3Q5tfMcmmrCUyb4Hzm9:is2ci2ObAOIXYX3NmrCp8Hy9

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://211.101.245.50:20080/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c6e8644487a39b9ebd01cb746f82a688a787cfe07acefe1454c75fb3d78492d.exe
    "C:\Users\Admin\AppData\Local\Temp\3c6e8644487a39b9ebd01cb746f82a688a787cfe07acefe1454c75fb3d78492d.exe"
    1⤵
      PID:3224

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3224-0-0x00007FF7936C0000-0x00007FF7936CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3224-1-0x00007FF7936C0000-0x00007FF7936CA000-memory.dmp

      Filesize

      40KB

      Download