General
Target: 3c7a0be285dba90759f4ae5c8257b77a.exe
Size: 7.9MB
Sample: 220917-g9g8hahcd2
MD5: 3c7a0be285dba90759f4ae5c8257b77a
SHA1: 20043abc1660d83b99a7858712832ce0df023c21
SHA256: 71bf6ded75f3a049bc1064e200fdf3956c0f647a073b8af48021626e9a46e933
SHA512: 0fdd37f15aa3ce727b6adf11570a035d475f99a9dbabd5db680e3f9f35c2dc261d4a08a6aae5955662a7d92c6d10db2c9b147ad109addb3abf9d69cef1bcf1e7
SSDEEP: 98304:YtEdYr+IjnsMAtp3Jrk6ILOANFnaYXUyIcgEc6NOO2YVt8s0ryW0eA5:Yxrxjnap3wLOGzUzcEA+s3n
Static task: static1
Behavioral task: behavioral1 (Sample: 3c7a0be285dba90759f4ae5c8257b77a.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: 3c7a0be285dba90759f4ae5c8257b77a.exe; Resource: win10v2004-20220901-en)
Malware Config
Extracted (metasploit): windows/reverse_http
URL: http://146.70.101.97:8080/DoyoD1ivJJwH9gb3ZPqx_QCrhTUDSCEWxEmhW39HKXj8v8cst_M4HzoOXgF2Cxvd9yFi6rMxThYQa1SPzdIcLagFOZOcg4thcta6tu0yABPmSObCIcuer9crCzLvcEW5IjpPBuILDkRZeygdz_DiF0HtbJHFTNkXxhjGP2UR-y9I_XPfR4nsS041M2gQbgTFm-Gl0uxi42jnLqC9Wu2Tx1FylGJawfp
Targets
Target: 3c7a0be285dba90759f4ae5c8257b77a.exe (Size: 7.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext