General
-
Target
1c96ff0aeb13f61afefa436ba17af2f783113d5e29b067e5f12259500c4e44a3
-
Size
278KB
-
Sample
220117-ps5apsadfp
-
MD5
92e302b598be6c149209c33b1e6d33c2
-
SHA1
8e5e79a529651017b9487318c1e12e6255279c36
-
SHA256
1c96ff0aeb13f61afefa436ba17af2f783113d5e29b067e5f12259500c4e44a3
-
SHA512
0730cbebd0dfcb9d70d3a7317dbde4c213a67a1d599122bcbb451fcff78e0ab6c2d9ab9bcf5cec78dfdf6fbec35570f3adad7ef6103e1fc8474c33618e132721
Static task
static1
Behavioral task
behavioral1
Sample
1c96ff0aeb13f61afefa436ba17af2f783113d5e29b067e5f12259500c4e44a3.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
426352781
http://46.17.98.180:3254/push
-
access_type
512
-
beacon_type
2048
-
host
46.17.98.180,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
3254
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDXNMofGkCyNUn8qZuFWifMlXfTzaQKjEGDr257ki7OXdp7ETU1kQeaWpxVZ5Beh31U+4HTagxCwsGsl5RpT0HHBnETOx7wbON+jYNk0tVIepOu/TifjYs+VOwKYCqnVZStS/1BHq5z3rQiAkXGV7IvSZPQOqCG0e3pDJHSQirvQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)
-
watermark
426352781
Targets
-
-
Target
1c96ff0aeb13f61afefa436ba17af2f783113d5e29b067e5f12259500c4e44a3
-
Size
278KB
-
MD5
92e302b598be6c149209c33b1e6d33c2
-
SHA1
8e5e79a529651017b9487318c1e12e6255279c36
-
SHA256
1c96ff0aeb13f61afefa436ba17af2f783113d5e29b067e5f12259500c4e44a3
-
SHA512
0730cbebd0dfcb9d70d3a7317dbde4c213a67a1d599122bcbb451fcff78e0ab6c2d9ab9bcf5cec78dfdf6fbec35570f3adad7ef6103e1fc8474c33618e132721
Score 10/10
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-
suricata: ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
suricata: ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
-