Description
Detected malicious payload which is part of Cobaltstrike.
General
Target
Size
Sample
gwui.dll
211KB
220208-11v8jsffhq
Score
10/10
MD5
SHA1
SHA256
SHA512
ac581207ef80437a961f2ada3a47d763
62964395bbc5fbee65dac62e0233ce8377674b2c
b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2
Malware Config
Extracted
| Family | cobaltstrike |
| C2 |
http://foxofeli.com:443/image-directory/dhl.jpg |
| Attributes |
user_agent Host: weibo.com
Connection: close
Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
|
Targets
Target
MD5
Filesize
gwui.dll
ac581207ef80437a961f2ada3a47d763
211KB
Score
10/10
SHA1
SHA256
SHA512
62964395bbc5fbee65dac62e0233ce8377674b2c
b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2
Tags
Signatures
-
Cobaltstrike
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10