General

  • Target

    fbbff9ab15b2fb7b5e2e5cfaf35810edd492df9448ca0d55a74b830724201543

  • Size

    156KB

  • Sample

    221003-3hhkvacbhl

  • MD5

    467941e3cb0b3e1c379eb8ee10f57947

  • SHA1

    9a9a7a9bde0ca1f9f3cab121369d2473e817a03e

  • SHA256

    fbbff9ab15b2fb7b5e2e5cfaf35810edd492df9448ca0d55a74b830724201543

  • SHA512

    437cac30faf4dbbc98d72d804c11ef6289fb3145aefd91f393aa7a41579e1f5be2c87b3b43d142c140561d9af8ce1983ffa6979f84e56fae56d2a376c37efb24

  • SSDEEP

    3072:0s3yXdU7kClJgOEA6YbnVfyE1UirnmcOlq98VGScKtA1Jmtw3ff:0jeVEA6YhfRUq9SGScKsJV3

Malware Config

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks