General
Target: ac0b7d11ff768a08a08ce4254fe9bbd9c18df4ec354da9c6d6a22fe5cacec944
Size: 380KB
Sample: 221123-qnyssshd8t
MD5: fcf381af24111ae189d57792465200ab
SHA1: 742a87c00364b3124bf62480369e0a2854cbb8dd
SHA256: ac0b7d11ff768a08a08ce4254fe9bbd9c18df4ec354da9c6d6a22fe5cacec944
SHA512: 84a63bfdb43121f3427394cf969ad42a7efa891e60ecb4be4009e9c1eb0574b4712c7f64d34feff3ce380630d4e34bb4c99014dda8de745c31a706642daaa751
SSDEEP: 6144:iKhjynzprGoDKbkqNJtLAletm9Mht3vbdXV1qBQMMZx0HLHDDOSJgSQx62DAsLWO:icqNrDDKbkQbzKMht3vP1qBQzqnvjQxn
Static task: static1
Behavioral task: behavioral1
Sample: ac0b7d11ff768a08a08ce4254fe9bbd9c18df4ec354da9c6d6a22fe5cacec944.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: ac0b7d11ff768a08a08ce4254fe9bbd9c18df4ec354da9c6d6a22fe5cacec944.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Loads dropped DLL

Adds Run key to start application

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of SetThreadContext