Overview

overview

10

Static

static

3

f0b632dfee...78.exe

windows7-x64

10

f0b632dfee...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    113s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0b632dfee0b9b66b8a3709c564802c6ec1c9b4645c160ffdfd996123c5ddc78.exe

  • Size

    59KB

  • MD5

    c71c3b1e9f10a12e3ef427a8a9b21f60

  • SHA1

    9731c2e5f83876048f0492c2cdcab62233947e1b

  • SHA256

    f0b632dfee0b9b66b8a3709c564802c6ec1c9b4645c160ffdfd996123c5ddc78

  • SHA512

    91e0d0130d53ac81f6975fbe3fc8d97d3d3b304b4f29ea03d7b190e61ea3e2bbe60a1fcac1f2083198e26fbca8e3961e01a311b2330b1c20f8ceac65e1a715bc

  • SSDEEP

    768:KdEjJzLNnzTQlZ3v51ExQ2ytSCFGfGnD3CK59eL4kZAHyR8BkNYJ3840pL77BTho:KdkzB0lZvTnrCK59eL4kZAcPNYeLrEpH

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.103.116.103:443/jquery-2.3.2.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: code.jquery.com Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0b632dfee0b9b66b8a3709c564802c6ec1c9b4645c160ffdfd996123c5ddc78.exe
    "C:\Users\Admin\AppData\Local\Temp\f0b632dfee0b9b66b8a3709c564802c6ec1c9b4645c160ffdfd996123c5ddc78.exe"
    1⤵
      PID:4432

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4432-0-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

      Download