Overview

overview

10

Static

static

3

c5d039460a...4c.exe

windows7-x64

1

c5d039460a...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-09-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5d039460ace0ce81ca3fe8ae2cd1fbbcaab48e7f4fd375bf87c077d9500954c.exe

  • Size

    12KB

  • MD5

    000ac6da3b0dcc75079f8cd62b29b05a

  • SHA1

    f45fb3a198a61196d824fc747a66dd7c7cc2703b

  • SHA256

    c5d039460ace0ce81ca3fe8ae2cd1fbbcaab48e7f4fd375bf87c077d9500954c

  • SHA512

    34d757d176af3daa39a49b9736a589dfabef959632368d0d3d9c0dd3de863d6a19ae8f80ff33165acae7cda06841d2311ee0bc5c5d71439e34cc6bb4cbbf00eb

  • SSDEEP

    192:gHITdiTedWSiDXxuJNvcum0+TRH+NGvyHNpsQ5tfBDm23:gBRDXMqTBEWytpst2

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://www.bilibli.mom:443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.bilibli.mom Referer: http://www.bilibli.mom/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5d039460ace0ce81ca3fe8ae2cd1fbbcaab48e7f4fd375bf87c077d9500954c.exe
    "C:\Users\Admin\AppData\Local\Temp\c5d039460ace0ce81ca3fe8ae2cd1fbbcaab48e7f4fd375bf87c077d9500954c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4220-0-0x000001AC80000000-0x000001AC80001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4220-1-0x000001AC80000000-0x000001AC80001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4220-4-0x000001AC82330000-0x000001AC827A2000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4220-5-0x000001AC81F30000-0x000001AC82330000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4220-6-0x000001AC821B0000-0x000001AC821B4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4220-7-0x000001AC81F30000-0x000001AC82330000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4220-8-0x000001AC82330000-0x000001AC827A2000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4220-9-0x000001AC82330000-0x000001AC827A2000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4220-10-0x000001AC82330000-0x000001AC827A2000-memory.dmp

    Filesize

    4.4MB

    Download