General
-
Target
6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
-
Size
1.5MB
-
Sample
220725-lxbbmscafq
-
MD5
951ab6e8be35c4812bd1374b9e45933c
-
SHA1
9d4b39a0404c959e07accda8c8c3c5fb9dd1b0ae
-
SHA256
6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
-
SHA512
b0fe39f690a4433bc4b6ed37096ff133a421441e721b81b59d9966455654ba503301320b7f9a34edaf191de408082aa3d54ab5e2d79f7708f14065e0c0fa51df
Behavioral task
behavioral1
Sample
6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953.exe
Resource
win7-20220718-en
Malware Config
Extracted
cobaltstrike
http://service-k6z1uk8b-1307545782.sh.apigw.tencentcs.com:443/bootstrap-2.min.js
-
user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
-
Size
1.5MB
-
MD5
951ab6e8be35c4812bd1374b9e45933c
-
SHA1
9d4b39a0404c959e07accda8c8c3c5fb9dd1b0ae
-
SHA256
6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
-
SHA512
b0fe39f690a4433bc4b6ed37096ff133a421441e721b81b59d9966455654ba503301320b7f9a34edaf191de408082aa3d54ab5e2d79f7708f14065e0c0fa51df
-
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-