Overview

overview

10

Static

static

3

2024-11-20...ch.exe

windows7-x64

10

2024-11-20...ch.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-20_abc762d38cf2be6f858c58c4d1a485ba_frostygoop_luca-stealer_snatch.exe

  • Size

    1.8MB

  • MD5

    abc762d38cf2be6f858c58c4d1a485ba

  • SHA1

    417cd961d7ebe04a032f692e043d76bd551bfc0f

  • SHA256

    da6f954d154c6fbd877f4a2fe88debe35e0a7cb6e4db1744e088cd1053648fd9

  • SHA512

    0d603561dd3138b4a1c524fe08ab954d3fe00ff45253cc078a5b91f8b7e6cbee3cd1ebb7bfe54828d4765b1a1e75a88dd16df1850fb548d65473946f934fcbcf

  • SSDEEP

    24576:SsW8+CYysp3o2UxHP/jBOb0QHxcFxNwh4/BMKAi:S++7yshTUBjBODRth4/B

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://iot.xmdc.xyz:51303/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-20_abc762d38cf2be6f858c58c4d1a485ba_frostygoop_luca-stealer_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-20_abc762d38cf2be6f858c58c4d1a485ba_frostygoop_luca-stealer_snatch.exe"
    1⤵
      PID:2316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2316-0-0x0000000047FC0000-0x00000000480C1000-memory.dmp

      Filesize

      1.0MB

      Download