General
-
Target
e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae
-
Size
3.2MB
-
Sample
211224-tsrf3adedq
-
MD5
54d3dcc9b1d3cba50127a4e4501e766b
-
SHA1
27fa1da40a60218871e334bc84fd60a12947057f
-
SHA256
e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae
-
SHA512
ede4343931b3f7967088701dd42b8871fca5671fe2b21be28e6134105d12e813ed734bb31925e8ffe3892482a796d06e1b5014e5de3bdbaa07249d6313a4e911
Static task
static1
Behavioral task
behavioral1
Sample
e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
0
http://cache.pay-api.api-cloudflare.com:8081/cm
-
access_type
512
-
host
cache.pay-api.api-cloudflare.com,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
8081
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHhLDzJ2hK145e+p7Zblj41w92apyesEIV+p6hDB0a3Lq41gQGX1ERtYqDr+EmXrY4rpSD/xw1GdPNwlmS/3xsEcI0irDFJPK8UY83Ra2siqrAr8M0r5VfFBuZOTMKqm66I4zK3X4I+HRRHpMED0tKni4GsFkwNBYzWNy1SWy5aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)
-
watermark
0
Targets
Target
e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae
-
Size
3.2MB
-
MD5
54d3dcc9b1d3cba50127a4e4501e766b
-
SHA1
27fa1da40a60218871e334bc84fd60a12947057f
-
SHA256
e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae
-
SHA512
ede4343931b3f7967088701dd42b8871fca5671fe2b21be28e6134105d12e813ed734bb31925e8ffe3892482a796d06e1b5014e5de3bdbaa07249d6313a4e911
Score: 10/10
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-