4b792c505b6dedad9f2a21c866212e96ae12c8415e3e9b249fa235e63398c2c8

General
Target

4b792c505b6dedad9f2a21c866212e96ae12c8415e3e9b249fa235e63398c2c8

Size

844KB

Sample

210420-6brjvtqr7n

Score
10 /10
MD5

3dfc20d3780cb61f0654ef3116bdc8bb

SHA1

5efe6acfb7e80c23f5734b020578f032342fc77d

SHA256

4b792c505b6dedad9f2a21c866212e96ae12c8415e3e9b249fa235e63398c2c8

SHA512

227904c9efe3ded15599ab1a555aee56721fc0059a0c8b4c42dee5c8c6208434b4ed72c0d878c98c21fec0695569e98fb99fb4781f88fa3eca7256bb560abd90

Malware Config

Extracted

Family cobaltstrike
C2

http://fashmie.com:443/assets/environment-f0a84e0c1.js (scheme shown as rendered by the extractor; port_number below is 443, so hunt on host and port rather than on the URL scheme)

Attributes
access_type
512
beacon_type
2048
create_remote_thread
0
day
0
dns_idle
0
dns_sleep
0
host
fashmie.com,/assets/environment-f0a84e0c1.js
http_header1
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
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAQX19DaHVua0F1dGhUb2tlbgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
injection_process
jitter
9472
maxdns
0
month
0
pipe_name
polling_time
25000
port_number
443
proxy_password
proxy_server
proxy_username
sc_process32
%windir%\syswow64\dllhost1.exe
sc_process64
%windir%\sysnative\dllhost1.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDa14pI+KHc4hacVJaYyMZHO0bzpDtNhP+JNn5mApEDAj9xpSHnp8rVq0Ekc9691bMZnfxnHdhxmXcSdPtBtI/nTtBlOnO/FZx9YuRssfXOP63XJ5eosw0DH6V5MM5EtAGUAlxGRS0okFP14AH9ACPjPhNXKgUhfGoWfDbnpwJnQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.3969984e+09 (displayed in floating-point notation; the exact integer value is not recoverable from this rendering)
unknown2
AAAABAAAAAEAAAAyAAAAAgAAACQAAAACAAAlGQAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
0
unknown4
0
unknown5
0
uri
/assets/chunk-vendor-4c69db4f.js
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
year
0
Targets
Target

4b792c505b6dedad9f2a21c866212e96ae12c8415e3e9b249fa235e63398c2c8

MD5

3dfc20d3780cb61f0654ef3116bdc8bb

Filesize

844KB

Score
10 /10
SHA1

5efe6acfb7e80c23f5734b020578f032342fc77d

SHA256

4b792c505b6dedad9f2a21c866212e96ae12c8415e3e9b249fa235e63398c2c8

SHA512

227904c9efe3ded15599ab1a555aee56721fc0059a0c8b4c42dee5c8c6208434b4ed72c0d878c98c21fec0695569e98fb99fb4781f88fa3eca7256bb560abd90

                          Tasks

                          static1

                          9/10

                          behavioral1

                          10/10

                          behavioral2

                          10/10