Analysis

  • max time kernel
    100s
  • max time network
    104s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/04/2025, 16:52 UTC

General

  • Target

    a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe

  • Size

    4.8MB

  • MD5

    a40f6e0f17d53efd522b1da4455ed460

  • SHA1

    e5207a04dffe4df3e65d89e39a7d71d9575b77f8

  • SHA256

    a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325

  • SHA512

    6c76de1b4473b9bb878084e5bda701d78a30855b2735de212ed788a01740e1e0e7600b3dca1fcda222db0f8b38f1a66b4f0034d4f29a03f57edfff6814674398

  • SSDEEP

    3072:tJp1EO+4LmV5stwdJkocF/g0z7UxYfOT8+KWqG8u01b3n3KZvzCsiGnfbMJfbMmQ:tVEOJLAAwdBc5fOo+FqG891b3e+NRi

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.40.131:80/match

Attributes
  • access_type

    512

  • host

    192.168.40.131,/match

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurHEYGtPWAJ5pJwkNWztnzHftrgCerc+/2MVvSL6xpYVZKSDmqojoiKPuDJjiTM0Z3zTS720ZjEtCUiJeruKZHuQHoiRvrqy/9BrFAf5gnspLbVBVNbUEGfsLvbgAWkMlwEM9fKOEyUPDhuanXqgdGZLraBNp4XfslcAiX0EJ/wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

  • watermark

    100000
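The `http_header1` and `http_header2` values above are not opaque: they are Cobalt Strike malleable-C2 transform programs, a sequence of big-endian 32-bit opcodes with length-prefixed string arguments, padded with zeros to a fixed size. The example below, added here and not taken from the sandbox report or from the Cobalt Strike project, decodes both blobs (and the `unknown2` blob, which is the http-get server `output { print; }` step) and then renders the HTTP requests this beacon would emit, which is what a hunter wants when writing proxy or IDS logic for it. The opcode table follows public beacon-config parsers such as 1768.py; the payloads handed to `beacon_requests` are constructed placeholders, since real session metadata is RSA-encrypted with the 1024-bit public key the report lists as `state_machine` (a base64 SubjectPublicKeyInfo) and real task output is encrypted with the session key; header ordering in the rendered request is illustrative.

```python
import base64
import os
import struct

# Added example, not part of the sandbox report. Decodes Cobalt Strike
# malleable-C2 transform blobs and renders the requests they describe.

# Transform opcodes (big-endian uint32 each) as documented by public
# beacon-config parsers such as 1768.py.
OPCODES = {
    0: "END", 1: "APPEND", 2: "PREPEND", 3: "BASE64", 4: "PRINT",
    5: "PARAMETER", 6: "HEADER", 7: "BUILD", 8: "NETBIOS",
    9: "CONST_PARAMETER", 10: "CONST_HEADER", 11: "NETBIOSU",
    12: "URI_APPEND", 13: "BASE64URL", 14: "STRREP", 15: "MASK",
    16: "CONST_HOST_HEADER",
}
ONE_STRING = {"APPEND", "PREPEND", "PARAMETER", "HEADER", "CONST_PARAMETER",
              "CONST_HEADER", "URI_APPEND", "CONST_HOST_HEADER"}

# Leading part of each blob copied from the report; the rest is zero padding.
HTTP_HEADER1 = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAA"
HTTP_HEADER2 = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAA"
                "AAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAA")
SERVER_OUTPUT = "AAAABAAAAAAA"          # unknown2 in the report
C2_HOST, GET_URI, POST_URI = "192.168.40.131", "/match", "/submit.php"
USER_AGENT = ("Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; "
              "Trident/6.0; MASP)")


def parse_transform(b64_blob, block):
    """Decode one transform program into a list of (op, arg) tuples.

    block is "http-get" or "http-post": BUILD 0 names the client metadata in
    http-get and the session id in http-post; BUILD 1 is task output in both.
    """
    raw = base64.b64decode(b64_blob)
    build_names = {0: "metadata" if block == "http-get" else "id", 1: "output"}
    steps, pos = [], 0

    def u32():
        nonlocal pos
        (v,) = struct.unpack_from(">I", raw, pos)
        pos += 4
        return v

    def string():                      # uint32 length followed by raw bytes
        nonlocal pos
        n = u32()
        s = raw[pos:pos + n].decode("latin-1")
        pos += n
        return s

    while pos + 4 <= len(raw):
        op = OPCODES.get(u32(), "UNKNOWN")
        if op in ("END", "UNKNOWN"):   # unknown opcode: argument layout unknown, stop
            break
        if op == "BUILD":
            steps.append((op, build_names.get(u32(), "?")))
        elif op == "STRREP":
            steps.append((op, (string(), string())))
        elif op in ONE_STRING:
            steps.append((op, string()))
        else:
            steps.append((op, None))
    return steps


def render(steps, inputs, uri):
    """Apply a transform program to the given payloads, returning request parts."""
    headers, params, body, cur = {}, {}, b"", b""
    for op, arg in steps:
        if op == "BUILD":
            cur = inputs[arg]
        elif op == "BASE64":
            cur = base64.b64encode(cur)
        elif op == "BASE64URL":
            cur = base64.urlsafe_b64encode(cur).rstrip(b"=")
        elif op in ("NETBIOS", "NETBIOSU"):   # one letter per nibble, a-p or A-P
            base = ord("a") if op == "NETBIOS" else ord("A")
            cur = bytes(base + nib for b in cur for nib in (b >> 4, b & 0xF))
        elif op == "MASK":                     # random 4-byte XOR key, prepended
            key = os.urandom(4)
            cur = key + bytes(b ^ key[i % 4] for i, b in enumerate(cur))
        elif op == "APPEND":
            cur += arg.encode("latin-1")
        elif op == "PREPEND":
            cur = arg.encode("latin-1") + cur
        elif op == "STRREP":
            cur = cur.replace(arg[0].encode("latin-1"), arg[1].encode("latin-1"))
        elif op == "HEADER":
            headers[arg] = cur.decode("latin-1")
        elif op == "PARAMETER":
            params[arg] = cur.decode("latin-1")
        elif op == "URI_APPEND":
            uri += cur.decode("latin-1")
        elif op == "PRINT":
            body = cur
        elif op == "CONST_HEADER":
            name, value = arg.split(":", 1)
            headers[name.strip()] = value.strip()
        elif op == "CONST_PARAMETER":
            k, v = arg.split("=", 1)
            params[k] = v
        elif op == "CONST_HOST_HEADER":
            headers["Host"] = arg
    return headers, params, uri, body


def request_text(method, host, uri, headers, params, body):
    """Serialise the parts as an HTTP/1.1 request (header order is illustrative)."""
    qs = "&".join(f"{k}={v}" for k, v in params.items())
    hdrs = {"Host": host, "User-Agent": USER_AGENT, **headers}
    if body:
        hdrs["Content-Length"] = str(len(body))
    text = f"{method} {uri}{'?' + qs if qs else ''} HTTP/1.1\r\n"
    text += "".join(f"{k}: {v}\r\n" for k, v in hdrs.items()) + "\r\n"
    return text + body.decode("latin-1")


def beacon_requests(metadata=b"<encrypted metadata>", session_id=b"12345",
                    output=b"<encrypted output>"):
    """Render the check-in GET and the output POST with constructed payloads."""
    h, p, uri, body = render(parse_transform(HTTP_HEADER1, "http-get"),
                             {"metadata": metadata}, GET_URI)
    get = request_text("GET", C2_HOST, uri, h, p, body)
    h, p, uri, body = render(parse_transform(HTTP_HEADER2, "http-post"),
                             {"id": session_id, "output": output}, POST_URI)
    post = request_text("POST", C2_HOST, uri, h, p, body)
    return get, post


if __name__ == "__main__":
    for blob, block in ((HTTP_HEADER1, "http-get"), (HTTP_HEADER2, "http-post"),
                        (SERVER_OUTPUT, "http-get")):
        print(block, parse_transform(blob, block))
    for req in beacon_requests():
        print(req)
```

Decoding shows this sample uses the stock profile: the check-in is `GET /match` with the base64 metadata in a `Cookie` header, and results go to `POST /submit.php?id=<session>` with an octet-stream body. Combined with the unchanged default User-Agent and a 60 s sleep with no jitter, that is a high-confidence signature for a proxy log or IDS rule; the C2 address itself is RFC 1918, which is why the sandbox recorded outbound bytes to 192.168.40.131 and no reply.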

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe
    "C:\Users\Admin\AppData\Local\Temp\a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe"
    PID: 3164

    Network

    • US
      GET
      http://cloudflare.com/cdn-cgi/trace/
      a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe
      Remote address:
      104.16.132.229:80
      Request
      GET /cdn-cgi/trace/ HTTP/1.1
      Host: cloudflare.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 15 Apr 2025 16:52:24 GMT
      Content-Type: text/plain
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Server: cloudflare
      CF-RAY: 930cf40739dd732a-LHR
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      Expires: Thu, 01 Jan 1970 00:00:01 GMT
      Cache-Control: no-cache
    • 104.16.132.229:80
      http://cloudflare.com/cdn-cgi/trace/
      http
      a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe
      401 B
      703 B
      7
      4

      HTTP Request

      GET http://cloudflare.com/cdn-cgi/trace/

      HTTP Response

      200
    • 192.168.40.131:80
      a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe
      260 B
      5
    • 192.168.40.131:80
      a665dc3d0e8890b660d9084aab04eac00fd970eba9afbbffe925e2482246f325.exe
      260 B
      5

    MITRE ATT&CK Matrix

    Downloads

    • memory/3164-0-0x000001E89EC20000-0x000001E89EC61000-memory.dmp

      Filesize

      260KB

    • memory/3164-1-0x000001E89EC70000-0x000001E89ECBF000-memory.dmp

      Filesize

      316KB

    • memory/3164-2-0x000001E89EC70000-0x000001E89ECBF000-memory.dmp

      Filesize

      316KB