General
Target: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin
Size: 4.4MB
Sample: 210728-pbrmvp6tb6
MD5: 007f1c18e002c1d5c8fbba68e76ab5cf
SHA1: 00d54bbcfed3248bd360c605eaf2e75bd85e4b99
SHA256: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc
SHA512: 10addb33452b5c436561097c9e3564785fc92b1857ccd0da0e5a7e903e370ab210403015ca694fee8873b3bc2cc1b4ceac9242409aa2b2f886f5e2c23434e157
Static task: static1
Behavioral task: behavioral1
- Sample: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin.exe
- Resource: win10v20210408
Malware Config
Extracted: cobaltstrike
- http://101.37.15.184:8888/SUqD
- user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)
Targets
Target: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin
Score: 10/10
Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL