General
Target: !.bin
Size: 5.2MB
Sample: 211111-w269zsbhb6
MD5: c1e722db229bd6dd596663f6f08aa654
SHA1: e8f2847b2bc4e1585f47a46161c192caf3978d02
SHA256: 6b88286b240db5630c98d895fd188d079b4a88790dee601645afab7ae28cc578
SHA512: b415b68edcc8488f82f1dd9537640b35c22f4321f622cbac59f44fbe22ab36890a3ed13c1bf292c1e417f88ef9d72f79e810cbc114711ed00219304ea341303c
Static task: static1
Behavioral task: behavioral1
Sample: !.bin.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: !.bin.exe
Resource: win10-en-20211014
Malware Config
Extracted
cobaltstrike
http://101.35.100.211:58888/bEIm
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Targets
Target: !.bin
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Loads dropped DLL