General
-
Target
cs.exe
-
Size
219KB
-
Sample
211005-n3g3gsaabq
-
MD5
45cdacba09aaf18977ac3efdb9efd6a2
-
SHA1
4db736c6961448294584bda83d4e3d94304ed757
-
SHA256
0bccc0b8c5cdc0d402c3cb89e82a11d57babe5ad610a63f2cf7c3d30d69bc91d
-
SHA512
d82f0f82aa1c9191c9aa8e964b619af82314488e05101e9e922f157ca3f285a7fa14a2e9e6871f6d591a8bc6c489be743f9e2c78fd55cbf749bb70c72179defb
Malware Config
Extracted
cobaltstrike
1359593325
http://pypi.python.org:443/questions/32251816/c-sharp-directives-compilation-error
-
access_type
512
-
beacon_type
2048
-
host
pypi.python.org,/questions/32251816/c-sharp-directives-compilation-error
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAcAAAAAAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBlbgAAAAcAAAABAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAcAAAAAAAAADQAAAAUAAAAJYW5zd2VydGFiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5632
-
polling_time
35000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAJ9HSCGpsUISIdcX9KSquGTBtNV2BM1E1rv+Ft+mdYImNxh8Nz4froDPf/4X+lKkxgW23GjBft5PITEy/oAJK/Q65fMN90V89aOXvFqTE43YBWaqDawPzPt6cDALvUtnULBWceckc0qo9kOwxn9N4aAi7RLBSP9beFe5VEP7yUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.445232896e+09
-
unknown2
AAAABAAAAAEAAAQ/AAAAAgAAABEAAAACAAAATgAAAAIAAAAHAAAAAgAAAHMAAAACAAAAXgAAAAIAAAABAAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/questions/32251817/c-sharp-directives-compilation-error
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
cs.exe
-
Size
219KB
-
MD5
45cdacba09aaf18977ac3efdb9efd6a2
-
SHA1
4db736c6961448294584bda83d4e3d94304ed757
-
SHA256
0bccc0b8c5cdc0d402c3cb89e82a11d57babe5ad610a63f2cf7c3d30d69bc91d
-
SHA512
d82f0f82aa1c9191c9aa8e964b619af82314488e05101e9e922f157ca3f285a7fa14a2e9e6871f6d591a8bc6c489be743f9e2c78fd55cbf749bb70c72179defb
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
suricata: ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
suricata: ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
-