General
-
Target
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e
-
Size
6.3MB
-
Sample
220622-fldpqsgeep
-
MD5
1519311bb7f672fd407d30f8dfa11717
-
SHA1
4cddd8e4123f28b4acfdad06af3197238b97d3bb
-
SHA256
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e
-
SHA512
403f52efe0cf16408400091997d8354c09c3931829b78822bea7a93e689cff6478790c2828b6d850ee7ce9a2cbcffea045dacfda352329a96dcbe6d3059c1eb0
Static task
static1
Behavioral task
behavioral1
Sample
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1
http://oa.shfe.tk:2053/download/jquery-3.3.1.slim.min.js/3
-
access_type
512
-
beacon_type
2048
-
host
oa.shfe.tk,/download/jquery-3.3.1.slim.min.js/3
-
http_header1
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
-
http_header2
AAAAEAAAABFIb3N0OiB3d3cuc2hmZS50awAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAABHQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAHAAAAAAAAAAwAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
2053
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSxvLGOfCLYSdegye7emv/rBkydlvUzd1J9K8kb59Wgs5q0yP/pkDpagevO7rwN5BY6Hei/Dxb6td3ANMzc217zApkp17E6ch/LaFAnP6WaAyOdA2HmziFjZc2YlC8BpyoUd1Fb/X1lmkqDIxx0hxYdtyGxxcssKeDLjI6UWMeVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.702512128e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/download/jquery-3.3.1.slim.min.js/4
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
-
watermark
1
Targets
-
-
Target
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e
-
Size
6.3MB
-
MD5
1519311bb7f672fd407d30f8dfa11717
-
SHA1
4cddd8e4123f28b4acfdad06af3197238b97d3bb
-
SHA256
bc37c01615f39bfaa06017a02e71d24c5aa4bb0159604230ff8ab325f29e685e
-
SHA512
403f52efe0cf16408400091997d8354c09c3931829b78822bea7a93e689cff6478790c2828b6d850ee7ce9a2cbcffea045dacfda352329a96dcbe6d3059c1eb0
Score 10/10
-
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Loads dropped DLL
-