AnnualReport.exe

General
Target

AnnualReport.exe

Size

441KB

Sample

210203-l7gxbpmxls

Score

10/10

MD5

2c00aaba1bad8a20cf1f154646e50878

SHA1

314c5dd041216b0eb130075961ab660004e39fdf

SHA256

52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b

SHA512

f6b48cb567a808b2b25b113a84476178ae42ffa7f4d47e03f6ca0c3e31762316f539d1913afedb88de28a6164c6551705130f28a66bdedfd4d182cf1cdd37ce0

Malware Config

Extracted

Family cobaltstrike
Version windows/download_exec
C2

http://topservicebin.com:443/wp-includes/eo.png

Targets
Target

AnnualReport.exe

Signatures

  • Cobaltstrike

    Description

    Detected malicious payload which is part of Cobaltstrike.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Blocklisted process makes network request

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1 10/10

behavioral2 10/10