General
-
Target
3x.zip
-
Size
12.2MB
-
Sample
220623-hyv6nacbck
-
MD5
1b10c66844f5b404d788a0eeb9b64850
-
SHA1
909dc66eac6ae790fae53570b9294dbc490a7558
-
SHA256
b0ef97d6bccce1242df4a41e1a02e37588dc39776dbf54c6ad3425c5206e9ff1
-
SHA512
8333257feeea5bc813ad3f70916c85f9148996ba53fbea544db022c3e1f76d4f39020d5af1925fb5586a155ddb63846d42011488d0ccf09d34fda938cb5bd760
Static task
static1
Behavioral task
behavioral1
Sample
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
280068539e77b8a53794d39494439d38a02b72ebfedae0b105ea8d34ab3af4c9.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
280068539e77b8a53794d39494439d38a02b72ebfedae0b105ea8d34ab3af4c9.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
757040a9bc4ea0f1375987839e08b35a31583c5285e184a1d42f437b99d00a90.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
757040a9bc4ea0f1375987839e08b35a31583c5285e184a1d42f437b99d00a90.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1
http://oa.shfe.tk:2053/download/jquery-3.3.1.slim.min.js/3
-
access_type
512
-
beacon_type
2048
-
host
oa.shfe.tk,/download/jquery-3.3.1.slim.min.js/3
-
http_header1
AAAAEAAAABFIb3N0OiB3d3cuc2hmZS50awAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAABHQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAHAAAAAAAAAAMAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABFIb3N0OiB3d3cuc2hmZS50awAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAABHQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAHAAAAAAAAAAwAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
2053
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSxvLGOfCLYSdegye7emv/rBkydlvUzd1J9K8kb59Wgs5q0yP/pkDpagevO7rwN5BY6Hei/Dxb6td3ANMzc217zApkp17E6ch/LaFAnP6WaAyOdA2HmziFjZc2YlC8BpyoUd1Fb/X1lmkqDIxx0hxYdtyGxxcssKeDLjI6UWMeVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.702512128e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/download/jquery-3.3.1.slim.min.js/4
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
-
watermark
1
Targets
-
-
Target
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd
-
Size
6.3MB
-
MD5
a71e66c90588a34a61716db41d93fb06
-
SHA1
a999f8d520c5805e312101329c6a78c9c998172f
-
SHA256
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd
-
SHA512
cb45126d6fd2e954a0ed6f1c896dfe860c2c4eaeba4d8fb6b11ff2fff1f7a21092f4617dbc86e647b475eb688a8ba286c4d5042620f11a17fdea6d7c590095af
Score 10/10
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
-
Loads dropped DLL
-
-
-
Target
280068539e77b8a53794d39494439d38a02b72ebfedae0b105ea8d34ab3af4c9
-
Size
16.3MB
-
MD5
54076d2d76ef1c943d39b874400a5642
-
SHA1
1d519e0d1533c147782511f8db1d04bc0909af20
-
SHA256
280068539e77b8a53794d39494439d38a02b72ebfedae0b105ea8d34ab3af4c9
-
SHA512
338ea549e5bc77833c4c1915dd73be460d264aea38486047f35415cec69007907e84b8e2951c49dabbae0baf02bbfffc5b43b7a30c19b3a956f2cbf374502755
Score 10/10
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-
-
-
Target
757040a9bc4ea0f1375987839e08b35a31583c5285e184a1d42f437b99d00a90
-
Size
251KB
-
MD5
76e4d2e60512c1b29fdf6843c344d1cc
-
SHA1
216d7ba6e298419201622b0a53bfb02fdc7c6ed2
-
SHA256
757040a9bc4ea0f1375987839e08b35a31583c5285e184a1d42f437b99d00a90
-
SHA512
f00b8a9a0f5163e2dcc9b8795b3406b0e81e044ffce43f5ccca7f5edd6b3a8a0c0018df073b8fbb44cc28c684ce59bf710c6802005a2e83a7743000cae6c5e99
Score 3/10