Overview

overview

10

Static

static

3

c2cf7d40f8...8N.exe

windows7-x64

10

c2cf7d40f8...8N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2024 15:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2cf7d40f822651574ffaf6197f1d01e19bdf713de9eeeb41061825806145cc8N.exe

  • Size

    281KB

  • MD5

    8ff608054eccc339578fe73eccd780f0

  • SHA1

    216a2e72b02cc8daed467d7240cdfb6fdc51802a

  • SHA256

    c2cf7d40f822651574ffaf6197f1d01e19bdf713de9eeeb41061825806145cc8

  • SHA512

    f6820ffe7817ea8296f2e92a45d282fd87c582216fb4e3b49a51cdd615d4efa8996e326907b3fca8c76dde640a3da8b4ba68a3f5818db3ef532d7ef3e757f98c

  • SSDEEP

    6144:8uE1V4ulfCHB+hXuRGRpyEatPbeG7CxM82qhL:pEzsCXu4y3bexl

Score
10/10
cobaltstrike0305419896backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://202.104.21.254:18421/ga.js

Attributes
  • access_type

    512

  • host

    202.104.21.254,/ga.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    18421

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVb1k2kvPhA3QNqpdZ2gCMpmlSCgdFZdi31G3oY6zaYShaiZ9BU817BS/2VWWJK2EFzOHJ19lpUEQWJxfEwac8ks1xHtmnbHuei+liQD+A1Hkh4g4rhkd9wbaoGWHY1KMEEOtANJyEd1av9VEdyoXZXc/bpWfsz8+DPjeDcxdFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

  • watermark

    305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2cf7d40f822651574ffaf6197f1d01e19bdf713de9eeeb41061825806145cc8N.exe
    "C:\Users\Admin\AppData\Local\Temp\c2cf7d40f822651574ffaf6197f1d01e19bdf713de9eeeb41061825806145cc8N.exe"
    1⤵
      PID:3736

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3736-0-0x0000000000750000-0x0000000000790000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3736-1-0x0000000000790000-0x00000000007DC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3736-2-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3736-3-0x0000000000790000-0x00000000007DC000-memory.dmp

      Filesize

      304KB

      Download