General
-
Target
PerformanceReview.html
-
Size
1.1MB
-
Sample
220113-l94tqahch6
-
MD5
08287096d731608c6d79e58d5ec6db23
-
SHA1
a9e51f4649739bf75740fc9f755563cbe3780bfa
-
SHA256
1eca90b11008621f5ce811ec2af5df1bf277162ddcbb217302d36e8fab4b313e
-
SHA512
30cd4b79f95cfceb3556f7251ba7ff04037dc17b3c5a2cd15db22dc5103de3ee59924e48c51558f9585ffe96f7ff6f5b947e65d525b4ccea9c268c7a7b8ec8c1
Malware Config
Extracted
cobaltstrike
2026047692
http://www.stackpath.com:443/gp/aj/private/reviewsGallery/get-application-resources
http://stackpath.com:443/en-us/p/book-2/8MCPZJJCC98C
http://tracking.boostbank.com:443/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw/records
http://www.bankalsharq.com:443/api2/json/access/ticket
-
access_type
512
-
beacon_type
2048
-
host
www.stackpath.com,/gp/aj/private/reviewsGallery/get-application-resources,stackpath.com,/en-us/p/book-2/8MCPZJJCC98C,tracking.boostbank.com,/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw/records,www.bankalsharq.com,/api2/json/access/ticket
-
http_header1
AAAACgAAAJBBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXZpZixpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2VkL3Y9YjM7cT0wLjkAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAHAAAAAAAAAAgAAAAPAAAAAwAAAAIAAAAtZGlzcGxheS1jdWx0dXJlPWVuO2NoZWNrPXRydWU7bGJjcz0wO3Nlc3MtaWQ9AAAAAQAAACA7U0lEQ0M9QU4wLU5SWTRDSkdLOU9sQWU7VG1tdjQ9QwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAJBBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2VkL3Y9YjM7cT0wLjkAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAHAAAAAAAAAA8AAAANAAAAAgAAAARzZXMtAAAABQAAAAJwcQAAAAcAAAABAAAACAAAAA8AAAANAAAAAgAAACl7ImxvY2FsZSI6ImVuIiwiY2hhbm5lbCI6InByb2QiLCJhZGRvbiI6IgAAAAEAAAACIn0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
23040
-
polling_time
15000
-
port_number
443
-
sc_process32
%windir%\syswow64\WerFault -a
-
sc_process64
%windir%\sysnative\WerFault -a
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9Ardq2bQHj9fPwtDjldcNQ1sHFEhpeHV6Oli9QHCc5hlE4zse5KwiLv5ufpdRxLzTeYZpr8jcvY6eNRKgukGpCUaeScNBjCU0e+yVZgr0IyCdbtUxeR0VWYcKA34vp42AVPaimH7ioVKXk8KJSb22eNbkGTZa/iokb4xD/NdWsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.0086976e+09
-
unknown2
AAAABAAAAAEAAAADAAAAAgAAAFQAAAADAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/v1/stats
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
2026047692
Targets
-
-
Target
PerformanceReview.html
-
Size
1.1MB
-
MD5
08287096d731608c6d79e58d5ec6db23
-
SHA1
a9e51f4649739bf75740fc9f755563cbe3780bfa
-
SHA256
1eca90b11008621f5ce811ec2af5df1bf277162ddcbb217302d36e8fab4b313e
-
SHA512
30cd4b79f95cfceb3556f7251ba7ff04037dc17b3c5a2cd15db22dc5103de3ee59924e48c51558f9585ffe96f7ff6f5b947e65d525b4ccea9c268c7a7b8ec8c1
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-