General

  • Target

    a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3

  • Size

    307KB

  • Sample

    221129-eghbpagb2t

  • MD5

    e38ad6ff85b84bcbe2985145adcd588d

  • SHA1

    834d822a79e7403fed613506c73f8537760ab6d5

  • SHA256

    a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3

  • SHA512

    57bf6d672f2bbdb334b9102b5203c847f7f0be823d7c7c711f37100e1b0d0219baca028afec1a429aa7e01fa3de9feb593befd41e08a5fa54ef18d76320a45a9

  • SSDEEP

    6144:mTfzqT72Y0SEuzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOHPECYeixlYGicc:mTre7SSE5YsY1UMqMZJYSN7wbstOH8f+

Malware Config

Targets

    • Cobaltstrike

      Detected a malicious payload identified as part of Cobalt Strike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
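The five behaviour signatures above are the kind of rules a sandbox derives from an API/event trace. The block below is an added example, not code from the report or from the sandbox that produced it: it expresses those five signatures as checks over a constructed trace. The line format (one JSON object per line with pid, event and args), the paths, PIDs, registry values and the self-delete via cmd.exe are all invented for illustration and do not describe this sample's actual actions.

```python
import json

# Constructed sample trace for this example (not from the report). Paths,
# PIDs, registry values and the line format itself are invented; real
# sandboxes export their own schemas. PID 1000 is the analysed sample.
SAMPLE_IMAGE = r"C:\Users\u\Desktop\sample.exe"
SAMPLE_ROOT_PID = 1000
SAMPLE_TRACE = r"""
{"pid": 1000, "event": "file_write", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"}}
{"pid": 1000, "event": "file_write", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1000, "event": "process_create", "args": {"image": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe", "child_pid": 1100}}
{"pid": 1100, "event": "load_library", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1100, "event": "registry_set", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "upd", "data": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"}}
{"pid": 1100, "event": "process_create", "args": {"image": "C:\\Windows\\System32\\svchost.exe", "child_pid": 1200, "flags": "CREATE_SUSPENDED"}}
{"pid": 1100, "event": "api_call", "args": {"api": "SetThreadContext", "target_pid": 1200}}
{"pid": 1100, "event": "process_create", "args": {"image": "C:\\Windows\\System32\\cmd.exe", "child_pid": 1300, "cmdline": "cmd /c del \"C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe\""}}
"""

RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"


def parse_trace(text):
    """Yield one event dict per non-empty line; malformed lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def evaluate(text, sample_image, root_pid):
    """Return {signature name: [evidence, ...]} for the five report signatures."""
    dropped = set()                              # paths written during the run
    image_of = {root_pid: sample_image.lower()}  # pid -> executable image
    suspended = set()                            # children created suspended
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in parse_trace(text):
        pid, kind, a = ev["pid"], ev["event"], ev.get("args", {})
        if kind == "file_write":
            dropped.add(a["path"].lower())
        elif kind == "process_create":
            image = a["image"].lower()
            image_of[a["child_pid"]] = image
            if "create_suspended" in a.get("flags", "").lower():
                suspended.add(a["child_pid"])
            if image in dropped:
                hit("Executes dropped EXE", f"pid {pid} started {image}")
            # Self-deletion through a helper shell: the actor's own image
            # appears as the target of a 'del' command.
            cmdline = a.get("cmdline", "").lower()
            own = image_of.get(pid, "")
            if image.endswith("\\cmd.exe") and " del " in f" {cmdline} " and own and own in cmdline:
                hit("Deletes itself", f"pid {pid} spawned: {cmdline}")
        elif kind == "file_delete":
            if a["path"].lower() == image_of.get(pid):
                hit("Deletes itself", f"pid {pid} deleted its own image")
        elif kind == "load_library":
            if a["path"].lower() in dropped:
                hit("Loads dropped DLL", f"pid {pid} loaded {a['path']}")
        elif kind == "registry_set":
            if a["key"].lower().endswith(RUN_KEY_SUFFIX):
                hit("Adds Run key to start application", f"{a['key']}\\{a['value']} = {a['data']}")
        elif kind == "api_call" and a.get("api") == "SetThreadContext":
            target = a.get("target_pid", pid)
            # A context write into another process is the injection/hollowing
            # pattern; a same-process call is ordinary and not flagged.
            if target != pid:
                note = " (target created suspended)" if target in suspended else ""
                hit("Suspicious use of SetThreadContext", f"pid {pid} -> pid {target}{note}")
    return hits


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_TRACE, SAMPLE_IMAGE, SAMPLE_ROOT_PID).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "Deletes itself" and "Executes dropped EXE" checks depend on tracking which image each PID runs and which paths the run has already written, so the order of events matters; a real implementation would also need to handle renames and copies of the dropped files, which this example ignores.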
