General
-
Target
bf0904eddd9a8dd13262ab530a02dd44.exe
-
Size
219KB
-
Sample
210827-q7g4ttnprj
-
MD5
bf0904eddd9a8dd13262ab530a02dd44
-
SHA1
3e5e8d2d0eb1cbf869a72b19b338cadd61c8d35c
-
SHA256
d0e91145242e2c5e18b651260993c4559a016e7b3f5e10167b04949dcea8978a
-
SHA512
422f8c0ea0875cd9f87b12db343fa688e789aa404447cfda80e495ede317dd9261549635b8dddbaac6caa2c9d32097bd5a9f3eca847b206cfc41f25b2b1566a4
Malware Config
Extracted
cobaltstrike
1359593325
http://203.23.128.143:443/search/
-
access_type
512
-
beacon_type
2048
-
host
203.23.128.143,/search/
-
http_header1
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAAAAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAkAAAAJZm9ybT1RQlJFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAABAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAcAAAAAAAAADQAAAAUAAAAEZm9ybQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDTG2vuzGQ7RQhZDhLGdA9Nha+kHkyoM+t5Nm+SIx3kXJbg8qKsE5/tBoGbpbYWKwkv4AlV1r6oyws/Wqe71EYVGDx4mA35oJIltexpxLJ+zrOxLrSEJAhLKYKdWQ8U3Ks88GcXK/5fGLXSMnqyXBZiJDx9pAM+AbJDdnjG/59twIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.82554112e+09
-
unknown2
AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/Search/
-
user_agent
Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
1359593325
Targets
-
-
Target
bf0904eddd9a8dd13262ab530a02dd44.exe
-
Size
219KB
-
MD5
bf0904eddd9a8dd13262ab530a02dd44
-
SHA1
3e5e8d2d0eb1cbf869a72b19b338cadd61c8d35c
-
SHA256
d0e91145242e2c5e18b651260993c4559a016e7b3f5e10167b04949dcea8978a
-
SHA512
422f8c0ea0875cd9f87b12db343fa688e789aa404447cfda80e495ede317dd9261549635b8dddbaac6caa2c9d32097bd5a9f3eca847b206cfc41f25b2b1566a4
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
suricata: ET MALWARE Cobalt Strike Beacon (Bing Profile)
suricata: ET MALWARE Cobalt Strike Beacon (Bing Profile)
-