Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21-11-2024 05:37
Behavioral task
behavioral1
Sample
0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe
Resource
win10v2004-20241007-en
General
-
Target
0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487.exe
-
Size
635KB
-
MD5
0fbef8ad36b431703a43257bbbb44150
-
SHA1
b3c0ece48011b68f857884f93173ea32861bbaac
-
SHA256
0cf6d6ed2f4022e6b304b5349238823f74ebc2ca226a667c06c47c2d65b07487
-
SHA512
5630c11a931177748c59994a9aa40a9f227d70231fe59e96e00be0eeec443298da6d248f5bfec58087a53e564761e32b0b86cb4ab2a94a69be2ecb3136b529f7
-
SSDEEP
6144:ory6hE6iIN51UbBBuJVPT7BcHlFOJ3quOTBcYMezRGSUkPgD:ZaE7wTU0PT7BcHO3qu8TMMID
Malware Config
Extracted
cobaltstrike
http://192.168.241.130:9999/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family