Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/11/2024, 15:21
Static task
static1
Behavioral task
behavioral1
Sample
8e7ae4051ffc4c8275b0b09fa9c667f6e4d109367bbcb9a23f2e185dbcfe0f72.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8e7ae4051ffc4c8275b0b09fa9c667f6e4d109367bbcb9a23f2e185dbcfe0f72.exe
Resource
win10v2004-20241007-en
General
-
Target
8e7ae4051ffc4c8275b0b09fa9c667f6e4d109367bbcb9a23f2e185dbcfe0f72.exe
-
Size
407KB
-
MD5
ad8ce9136d5bde22c3eb14df1d96c2b3
-
SHA1
db71099e7e2b27b18240e6e48db57efadc7e11aa
-
SHA256
8e7ae4051ffc4c8275b0b09fa9c667f6e4d109367bbcb9a23f2e185dbcfe0f72
-
SHA512
27525b4a0778bc53cc718b509def671bc754c4d3312a1c1f0b83994f6bca47042a77749bdcbbc70014c904875a820127ebb147a294d9473f1f9784a5ef25a8d8
-
SSDEEP
6144:cDnLfQpla4uJGiXh0L/Y1rCwcj/G4i3FiflBkt4Q:cDLfQpg4uJGiXhW+T3Fif
Malware Config
Extracted
cobaltstrike
http://192.168.150.128:8080/signin
-
user_agent
Connection: close Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Detch-Dest: document User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16C104
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family