General
-
Target
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
-
Size
6.3MB
-
Sample
220623-pt2k7sdaaj
-
MD5
a71e66c90588a34a61716db41d93fb06
-
SHA1
a999f8d520c5805e312101329c6a78c9c998172f
-
SHA256
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd
-
SHA512
cb45126d6fd2e954a0ed6f1c896dfe860c2c4eaeba4d8fb6b11ff2fff1f7a21092f4617dbc86e647b475eb688a8ba286c4d5042620f11a17fdea6d7c590095af
Static task
static1
Behavioral task
behavioral1
Sample
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1
http://oa.shfe.tk:2053/download/jquery-3.3.1.slim.min.js/3
-
access_type
512
-
beacon_type
2048
-
host
oa.shfe.tk,/download/jquery-3.3.1.slim.min.js/3
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
2053
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSxvLGOfCLYSdegye7emv/rBkydlvUzd1J9K8kb59Wgs5q0yP/pkDpagevO7rwN5BY6Hei/Dxb6td3ANMzc217zApkp17E6ch/LaFAnP6WaAyOdA2HmziFjZc2YlC8BpyoUd1Fb/X1lmkqDIxx0hxYdtyGxxcssKeDLjI6UWMeVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.702512128e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/download/jquery-3.3.1.slim.min.js/4
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
-
watermark
1
Targets
-
-
Target
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd.exe
-
Size
6.3MB
-
MD5
a71e66c90588a34a61716db41d93fb06
-
SHA1
a999f8d520c5805e312101329c6a78c9c998172f
-
SHA256
188cabb682c69d1e94e610fd2cc5aef967de70616b53f873cbd8963a621a57cd
-
SHA512
cb45126d6fd2e954a0ed6f1c896dfe860c2c4eaeba4d8fb6b11ff2fff1f7a21092f4617dbc86e647b475eb688a8ba286c4d5042620f11a17fdea6d7c590095af
Score 10/10
-
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
-
Loads dropped DLL
-