General
-
Target
aergtege
-
Size
193KB
-
Sample
210908-p8lhjaeeb2
-
MD5
bbaaab39b48ce42eb121749191f5a5d4
-
SHA1
0c186968352482a20f4e45144247168e8d1c9d90
-
SHA256
a97e8ce7aed4302f8f922017a86a17d185dc2cb03fb7665139dd7c84b05f129e
-
SHA512
09798b4502f1b25de536d5d3b1ea1bda9e6611d336deba3393a41ce4fff11205b725b3ebc36d1083e347ecabf5c1bcf8b96a96ebb85a39b5716b75fd78537cfa
Malware Config
Extracted
cobaltstrike
1359593325
http://108.62.141.183:80/templates.css
-
access_type
512
-
host
108.62.141.183,/templates.css
-
http_header1
AAAAEAAAAB9Ib3N0OiBzb3Bob3Njb25uZWN0c2VjdXJpdHkuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACAAAAAMAAAACAAAAFHdvcmRwcmVzc19sb2dnZWRfaW49AAAABgAAAAZDb29raWUAAAAJAAAACW1kNT1mYWxzZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAAB9Ib3N0OiBzb3Bob3Njb25uZWN0c2VjdXJpdHkuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAA0AAAADAAAAAgAAAAVmdWxsPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
64830
-
port_number
80
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.13010816e+09
-
unknown2
AAAABAAAAAIAAAbnAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ky
-
user_agent
Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202
-
watermark
1359593325
Targets
-
-
Target
aergtege
-
Size
193KB
-
MD5
bbaaab39b48ce42eb121749191f5a5d4
-
SHA1
0c186968352482a20f4e45144247168e8d1c9d90
-
SHA256
a97e8ce7aed4302f8f922017a86a17d185dc2cb03fb7665139dd7c84b05f129e
-
SHA512
09798b4502f1b25de536d5d3b1ea1bda9e6611d336deba3393a41ce4fff11205b725b3ebc36d1083e347ecabf5c1bcf8b96a96ebb85a39b5716b75fd78537cfa
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Blocklisted process makes network request
-