General
-
Target
Employee-Bonus.exe
-
Size
97KB
-
Sample
210226-9h1pkd739a
-
MD5
b2a682b8fe731d3c9a97b8fbf1cd84ae
-
SHA1
ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c
-
SHA256
84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252
-
SHA512
6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2
Malware Config
Extracted
cobaltstrike
windows/download_exec
http://jumpbill.com:443/image-directory/eso.jpg
Extracted
cobaltstrike
http://jumpbill.com:443/fo.html
-
access_type
512
-
beacon_type
2048
-
host
jumpbill.com,/fo.html
-
http_header1
AAAAEAAAABBIb3N0OiB0YW9iYW8uY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAE0FjY2VwdC1FbmNvZGluZzogYnIAAAAHAAAAAAAAAAMAAAADAAAAAgAAAANsdT0AAAAGAAAABkNvb2tpZQAAAAkAAAAKcm91dGU9dHJ1ZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABBIb3N0OiB0YW9iYW8uY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAsAAAADAAAAAgAAAAdjb2x1bW49AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2048
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcv/3/IXamiaHwZmpK+vGS9y8f+M4ZYHt2tXPCijcnp1k1Q9vSZI/e+F0Ft03Ri9P45fvEhYjakdV4cuO/f+03jKkRC6W1IBd7q5YKYUUlXdcfmezaljO+6yLXdlaJ1AO+7avZD+TcxEO2HBGaXcneeVY9g8as4ECKSvDcvS0EEwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.025605888e+09
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/eso
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Targets
-
-
Target
Employee-Bonus.exe
-
Size
97KB
-
MD5
b2a682b8fe731d3c9a97b8fbf1cd84ae
-
SHA1
ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c
-
SHA256
84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252
-
SHA512
6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-