Overview

overview

10

Static

static

3

fe3848b53b...72.exe

windows7-x64

10

fe3848b53b...72.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772.exe

  • Size

    281KB

  • MD5

    a7fcb5ec6dfef33922b57a9fb7251743

  • SHA1

    95caf01828c0e39528e02309081ac752bb6624b6

  • SHA256

    fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772

  • SHA512

    f155c88c428ca22180982f7108bf7bba0629c55fbde142962b05763dce715101d93451312a49f9552af249c0ee0840e3d2240775f4c6d5152d392ec50bb11a32

  • SSDEEP

    6144:GCvy+QJCWgFnl0ql59dHjNvSLjAdkKzTbXx4utYhFK:RyVJCrl0qLPHjsPzmTbBu

Score
10/10
cobaltstrike0305419896backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://101.133.156.69:7001/fwlink

Attributes
  • access_type

    512

  • host

    101.133.156.69,/fwlink

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    7001

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2xMNNgKam92LQZPTpk+O5ByDU9W21a1O7RHFYVFF1t694BN3Y8KC3LowBUlZD1+kdSa3jIXSnWgqkpDjXtmAOrt93R8/3Scp2MK/8GOX3FJCITOuL/7DTquD1ctl3Coex5zELDxKST3KVN1c7GsLIx3df4L8BD9VMD1KKrgdrHwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)

  • watermark

    305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772.exe
    "C:\Users\Admin\AppData\Local\Temp\fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772.exe"
    1⤵
      PID:4248

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4248-0-0x0000000000750000-0x0000000000791000-memory.dmp

      Filesize

      260KB

      Download

    • memory/4248-1-0x00000000007A0000-0x00000000007EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/4248-2-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/4248-3-0x00000000007A0000-0x00000000007EE000-memory.dmp

      Filesize

      312KB

      Download