warmcookie | 2bf8594ea21ca101000de7993a55ecdfa5ef34c96b020d87b634ad23a6594d3d | Triage

Submit
Reports

Overview

overview

Static

static

E88.30_Che...PN.exe

windows10-2004-x64

E88.30_Che...PN.exe

windows11-21h2-x64

Sharing

General

Target

E88.30_CheckPointVPN.exe
Size

61KB
Sample

250326-vsb7ta1n14
MD5

c9e06f125bec06a184f50d82659104cc
SHA1

34e8ee115a12efbf6603e9b97bdccaf1e0c69403
SHA256

2bf8594ea21ca101000de7993a55ecdfa5ef34c96b020d87b634ad23a6594d3d
SHA512

d9afb386dfc79ae401c3e8015cd5fdf018bd7f6f5456ca01d5f2bec702fba546133fdcb279cf7aec1163fc108ddb134116f24b127271dfeefdf8da1388adbfe8
SSDEEP

1536:fiarTMDj7EDePNlRMK8yAiIysblda47pcIc6W:qwTMwD0Nl38kIjdaai

Score

10^/10

warmcookie backdoor discovery

Static task

static1

backdoor warmcookie

2 signatures

Behavioral task

behavioral1

Sample

E88.30_CheckPointVPN.exe

Resource

win10v2004-20250314-en

warmcookie backdoor discovery

windows10-2004-x64

9 signatures

900 seconds

Behavioral task

behavioral2

Sample

E88.30_CheckPointVPN.exe

Resource

win11-20250313-en

warmcookie backdoor discovery

windows11-21h2-x64

9 signatures

900 seconds

Malware Config

Extracted

Family

warmcookie

C2

89.46.232.52

Attributes

mutex
fd3d0df6-f15b-49a5-a53a-276f51809bbd
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Targets

- Target
  
  E88.30_CheckPointVPN.exe
- Size
  
  61KB
- MD5
  
  c9e06f125bec06a184f50d82659104cc
- SHA1
  
  34e8ee115a12efbf6603e9b97bdccaf1e0c69403
- SHA256
  
  2bf8594ea21ca101000de7993a55ecdfa5ef34c96b020d87b634ad23a6594d3d
- SHA512
  
  d9afb386dfc79ae401c3e8015cd5fdf018bd7f6f5456ca01d5f2bec702fba546133fdcb279cf7aec1163fc108ddb134116f24b127271dfeefdf8da1388adbfe8
- SSDEEP
  
  1536:fiarTMDj7EDePNlRMK8yAiIysblda47pcIc6W:qwTMwD0Nl38kIjdaai
Score

10^/10

warmcookie backdoor discovery
- Warmcookie family
  warmcookie
- Warmcookie, Badspace
  Warmcookie aka Badspace is a backdoor written in C++.
  backdoor warmcookie
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoorwarmcookie

behavioral1

warmcookiebackdoordiscovery

behavioral2

warmcookiebackdoordiscovery

© 2018-2025

Terms | Privacy