General
-
Target
1.dll
-
Size
668KB
-
Sample
210829-6wf1lh8c76
-
MD5
2a6aac08f29f10209082172127bed7d2
-
SHA1
2af2212558c3d28edc29b5d50e0590efd6f3c428
-
SHA256
5ab95684cb8a8355b3f2f334fce6f2a96333ce5b51ffb2e1030d8a36c85c43f0
-
SHA512
228dc24f824451357d16d0bae2483303c8af081998598d8680906e8c33ea78d32234491ca39d0d5e086ee26c833bef36132ee1e3e6862bb285bfca7c1621e14b
Static task
static1
Behavioral task
behavioral1
Sample
1.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
1.dll
Resource
win10v20210408
Malware Config
Extracted
cobaltstrike
0
http://d1n2x5h0loustn.cloudfront.net:443/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
d1n2x5h0loustn.cloudfront.net,/jquery-3.3.1.min.js
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAjSG9zdDogZDFuMng1aDBsb3VzdG4uY2xvdWRmcm9udC5uZXQAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAjSG9zdDogZDFuMng1aDBsb3VzdG4uY2xvdWRmcm9udC5uZXQAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA8AAAANAAAABQAAAAhfX2NmZHVpZAAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7OhAgYHBCr6mdmNANZsYMUMQ4Z6lSs2KUnvC3p0BFUjQB4aq/yDf7kXIMJqmXW6wj9ovh+pILSeOYs7T/H9gct2r69afL5qdnUN9zwRYeebU8/nm/BA+XOe5TjTxTm1eGAbrZOlvXslKVhRbiedzD8tcJ+OyqRK19OcLflOVMVQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
0
Targets
-
-
Target
1.dll
-
Size
668KB
-
MD5
2a6aac08f29f10209082172127bed7d2
-
SHA1
2af2212558c3d28edc29b5d50e0590efd6f3c428
-
SHA256
5ab95684cb8a8355b3f2f334fce6f2a96333ce5b51ffb2e1030d8a36c85c43f0
-
SHA512
228dc24f824451357d16d0bae2483303c8af081998598d8680906e8c33ea78d32234491ca39d0d5e086ee26c833bef36132ee1e3e6862bb285bfca7c1621e14b
Score10/10-
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
-