Overview

overview

10

Static

static

3

2024-11-20...ch.exe

windows7-x64

10

2024-11-20...ch.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-20_867bb246b9670c0aa158c1741930b707_frostygoop_luca-stealer_snatch.exe

  • Size

    1.8MB

  • MD5

    867bb246b9670c0aa158c1741930b707

  • SHA1

    23dc1a1c99449d5f96cba2e79de0b47debf4711e

  • SHA256

    ac65634e97f0a2bcb5c56565dd619b1501dd059c2433615503625334ac858b9a

  • SHA512

    d5e8fb56d93902a55a57eac014ae122a0882873dbce1b0fe500f79f555fe29eff39ca2031677b331cf2cac45791e651a2e2636c6b300b3e042d9fccd3d110b6b

  • SSDEEP

    24576:jsW8+CYysp3o2UxHP+jBOT0QHxcFxNwh4/BMKA2:j++7yshTUAjBObRth4/B

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://iot.xmdc.xyz:51303/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-20_867bb246b9670c0aa158c1741930b707_frostygoop_luca-stealer_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-20_867bb246b9670c0aa158c1741930b707_frostygoop_luca-stealer_snatch.exe"
    1⤵
      PID:2432

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2432-0-0x0000000047E70000-0x0000000047F71000-memory.dmp

      Filesize

      1.0MB

      Download