Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-09-2024 20:12

General

  • Target

    ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5.dll

  • Size

    340KB

  • MD5

    0b3cda042f608c61daac8c3fe445f54b

  • SHA1

    66fb45fe9382a53123f2170aa877f7e41951ff07

  • SHA256

    ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5

  • SHA512

    3b2d6fc5bd01c6d9196aa3129370c964d096794f8af972bb67c23f4e6172bdd89ca60ba994c39acc1c0c3d59ffe7907bc7ae613abc536658009793247a13e5e8

  • SSDEEP

    6144:+keuH6hJkJNM0LtC8Jn819/KYjzXK+io+zphONfC33jxsVn5eNJamOP:N9BJNrC8m/KYXa5j9AC33UZ

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

Attributes
  • beacon_type

    512

  • http_header1

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • pipe_name

    \\.\pipe\ntsvcs1b

  • polling_time

    10000

  • port_number

    4444

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4pA/olT0i4ifz5szWb1GVkccbj10Ivj3xRk4H9m2WHnwVdCczZvOHOWSgFhHRXpPdwVtHDuYFzrYVieWD8ieC2ZRXYF6IQIVN4YwBdYRj3YvHIXqD9AUzlWUC/PvtLoVEOq4FEq8tw/h1ss427LELBF1rLrOhxlrzINghwfYEQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    8192

  • unknown2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • watermark

    391144938

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5.dll,#1
    PID: 2572

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2572-0-0x00007FFB14B90000-0x00007FFB14D85000-memory.dmp
    Filesize: 2.0MB

  • memory/2572-1-0x00007FFB05FA0000-0x00007FFB0625C000-memory.dmp
    Filesize: 2.7MB

  • memory/2572-3-0x000002EFFF300000-0x000002EFFF302000-memory.dmp
    Filesize: 8KB

  • memory/2572-2-0x00007FFB05FA1000-0x00007FFB05FE3000-memory.dmp
    Filesize: 264KB