General

  • Target

    c1a1e4619dda48fced7b552c57dfc255b63aa08edf4ae4813368192ce465c816

  • Size

    315KB

  • Sample

    221203-3c5hesef66

  • MD5

    90ec4b922195c30feb3f8897bc7933ba

  • SHA1

    940c762796222f2b523e817170c994983188cb52

  • SHA256

    c1a1e4619dda48fced7b552c57dfc255b63aa08edf4ae4813368192ce465c816

  • SHA512

    0ac000a4314978023158d081e4bf232216a45e24d74acb17344c9c08c3f58ebc897420ad6b0bd86386f072de55e73a403c6fbb64a1949b9f5a43a4b8e903b01b

  • SSDEEP

    6144:Hq3gCProqWYHtSVYnI+tnYDcMbY4FmNzNwm+MhUa4xO1BcC1cT:Hq3hz1NFnI+1Kb5KzNVNFPcnT

Malware Config

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion: Modify Registry, T1112 (2)

Tasks