Overview

overview

10

Static

static

3

947b389e98...26.exe

windows7-x64

1

947b389e98...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-12-2024 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    947b389e989ad941ea4f45b29b29f5df1b3eff4d05cdcc970d8982669e627626.exe

  • Size

    1.8MB

  • MD5

    21aee823633e17b7fbe3af8c5b49f2a1

  • SHA1

    35d196273009ac0aab174662bde3af12cbaf595c

  • SHA256

    947b389e989ad941ea4f45b29b29f5df1b3eff4d05cdcc970d8982669e627626

  • SHA512

    a54639bccce7657f4db07cbbfca5492c761464397d5ed847cdf1d2e23aea6ade1050ca094c364a464a5255bae57412a3340d701e799363471ab0b2e29a76e787

  • SSDEEP

    24576:WlNAsrR4Ao6JJChxd8JqgrmejTBdPR0cdk1nVtGnd:WlN54A3bCF0qsjMnVyd

Score
10/10
cobaltstrike0backdoordiscoverytrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://206.206.76.193:10010/uf8J

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)

Extracted

Family

cobaltstrike

Botnet

0

C2

http://206.206.76.193:10010/dot.gif

Attributes
  • watermark

    0

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Cobaltstrike family
    cobaltstrike
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\947b389e989ad941ea4f45b29b29f5df1b3eff4d05cdcc970d8982669e627626.exe
    "C:\Users\Admin\AppData\Local\Temp\947b389e989ad941ea4f45b29b29f5df1b3eff4d05cdcc970d8982669e627626.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1708-0-0x00000132F3DC0000-0x00000132F3DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-2-0x00000132F5DE0000-0x00000132F5E2E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1708-1-0x00000132F59E0000-0x00000132F5DE0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1708-3-0x00000132F5DE0000-0x00000132F5E2E000-memory.dmp

    Filesize

    312KB

    Download