Analysis
-
max time kernel
132s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
31/10/2024, 10:01
Static task
static1
Behavioral task
behavioral1
Sample
f76294fc8e9e8cada686e11e8cd52159d2f59aa80e29490e7ad0211c25c2121c.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
f76294fc8e9e8cada686e11e8cd52159d2f59aa80e29490e7ad0211c25c2121c.exe
Resource
win10v2004-20241007-en
General
-
Target
f76294fc8e9e8cada686e11e8cd52159d2f59aa80e29490e7ad0211c25c2121c.exe
-
Size
1.4MB
-
MD5
9f3ff3d9fa9c179e2ef0d044e941e73c
-
SHA1
251f560578043f0b4c543fc233d1b27a88a84fa1
-
SHA256
f76294fc8e9e8cada686e11e8cd52159d2f59aa80e29490e7ad0211c25c2121c
-
SHA512
512cb28e3b424d91873d35fc1cb886222d3d6a097098f604845c54e822975aaf0d10e79131ef6735fd6bb17814d20ec337338f6236432bb0aecc84e3af593840
-
SSDEEP
24576:oC/ugmGCmzsMoBm/XxlDsYggDvQ2qyIMYq6znzj81:oC/NCmzsMKm/hmYggjqyIjA1
Malware Config
Extracted
cobaltstrike
http://101.43.25.107:44399/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family