General
-
Target
3ea53cbcbfb8cb7ee453cee19db764a842697551ed1d7c8973413c67d5bd6ca6
-
Size
341KB
-
Sample
221130-wm4kjsce52
-
MD5
320a40663f9eb05e4db83d49240a6715
-
SHA1
21cf850f2117e9313d124041a5239c4196b836e3
-
SHA256
3ea53cbcbfb8cb7ee453cee19db764a842697551ed1d7c8973413c67d5bd6ca6
-
SHA512
061f24a61709240dd487756d7d3e80f54b89de30968b989414e48674d98b8272844241754d8616ba62d77e19f3fd00b8bf44ef1a12230614544127d5c79ef808
-
SSDEEP
6144:n/iP3jagYudl54jtmHHnRuUaqBmkDaIwIc+fLMLwqHh2yVzW:n/ajNX4jtOHC0a5vB2yI
Malware Config
Extracted
cobaltstrike
1167079883
http://ajax.microsoft.com:443/v3/dynatrace_analytics/humana.php
-
access_type
512
-
beacon_type
2048
-
host
ajax.microsoft.com,/v3/dynatrace_analytics/humana.php
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\backgroundtaskhost.exe
-
sc_process64
%windir%\sysnative\backgroundtaskhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXboZZNW91rPGoN5K2qC3LQuNl9RVpcjbpJmseSjQnWJAE0AtMCb1h62EQwESbtMFInTVQCM4HrjjmZFXBUNhIZXHbJXrYtrXoFEqsgyf8xFeOTWWatIbx+jgmdUVHqFu+Oo5gEIm5hwgYaq8Q4ktw5LM6eKMwSACmUJUDoM10swIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/v3/dynatrace/apiv4/humad_analytics
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
1167079883
Targets
-
-
Target
3ea53cbcbfb8cb7ee453cee19db764a842697551ed1d7c8973413c67d5bd6ca6
-
Size
341KB
-
MD5
320a40663f9eb05e4db83d49240a6715
-
SHA1
21cf850f2117e9313d124041a5239c4196b836e3
-
SHA256
3ea53cbcbfb8cb7ee453cee19db764a842697551ed1d7c8973413c67d5bd6ca6
-
SHA512
061f24a61709240dd487756d7d3e80f54b89de30968b989414e48674d98b8272844241754d8616ba62d77e19f3fd00b8bf44ef1a12230614544127d5c79ef808
-
SSDEEP
6144:n/iP3jagYudl54jtmHHnRuUaqBmkDaIwIc+fLMLwqHh2yVzW:n/ajNX4jtOHC0a5vB2yI
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-