General

Target: oben32.dll
Size: 354KB
Sample: 211214-q5xl3afgf6
Score: 10/10
MD5: b873bfa8dec8c3a1f62c30903e59e849
SHA1: 2c4aaefe0c20843db9b9f4996d42c7563b081097
SHA256: fba9dd0ebb8d838fa394cda10dca50450d8c0fc6158deff38904072140d64507
SHA512: a8c0a467788335297f34b9a60401b0ef50e023d0efc0b77eaf560decc785ed2c2b79534e14451aab747e307baa057fad0956e2941ff28b9995d4dbbd6e762457

Malware Config (extracted)

Family: cobaltstrike
C2: http://api.musicbee.getlist.destinycraftpe.com:443/azure/v2/api
Attributes:
  • user_agent (the full header block the beacon sends, as extracted):
    Content-Type: application/json accept: */* cookie: HSID=cl0gxhLgPAirQvdbj sec-ch-ua: Chromium;v=91 sec-ch-ua-mobile: ?0 sec-fetch-site: same-site sec-fetch-mode: cors sec-fetch-dest: empty accept-encoding: gzip, deflate accept-language: en X-Amz-Cf-Pop: HTL55-C2 User-Agent: MusicBee/3.4
Targets

Target: oben32.dll
Filesize: 354KB
Score: 10/10
MD5/SHA1/SHA256/SHA512: identical to the hashes listed under General above.
Tags: none

Signatures

  • Cobaltstrike
    Description: Detected malicious payload which is part of Cobaltstrike.
    Tags: none

  • Suspicious use of NtCreateProcessExOtherParentProcess
    (a process was created under a parent other than the calling process)

Related Tasks: none

MITRE ATT&CK Matrix: no techniques mapped. Tactic columns shown in the report: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Tasks

  • static1: Score N/A
  • behavioral1: Score 10/10
  • behavioral2: Score 10/10