080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a.7z

General
Target: 080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a.7z
Size: 3MB
Sample: 220119-wzszkscce9
Score: 10/10
MD5: 13394cc693fe018d947cfb169b065fe5
SHA1: 7a641c617d8056f9bbba07cdc9a7ca66e647d2c5
SHA256: d850202961a4ad215a5779c3794a11eeb82da11ab6ebdb52400e6b60fb1bdc2f
SHA512: 5a1872864ba022dfac2d2ccb6c598d8434f53a5b3dfc72939a8728393d30e12d7b46607d545f35cdaf6cd43172a38e94354bc45b0e31b01dc07e3a2e599f478f

Malware Config
Extracted
Family: cobaltstrike
C2: http://106.12.99.85:80/qu6A
Attributes
user_agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Targets
Target: 080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a
MD5: b35f113ac3f89dc786064a81431ca438
Filesize: 3MB
Score: 10/10
SHA1: bd876ac81afbceaf4d4fc17e99c4f7012a92d4a4
SHA256: 080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a
SHA512: 1ec646e25c6d3242cb27e6b1c0d000e0dacdd2e927d7ae4422065f8905662f55ef9286eda7e9719fb083854fae87325dc0e3a4313ac800d2142fcfdd707dd822

Signatures

  • Cobaltstrike
    Description: Detected malicious payload which is part of Cobaltstrike.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry, Virtualization/Sandbox Evasion

  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery

  • Checks whether UAC is enabled
    TTPs: System Information Discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1: 7/10