General

  • Target

    a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64

  • Size

    315KB

  • Sample

    221203-3c619aad9w

  • MD5

    fc0c329d5f7d709ac54bcabc29cb68a5

  • SHA1

    d6d26ee2e3d43f6b38da33e284ec31810f9d26fa

  • SHA256

    a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64

  • SHA512

    2890b9b64c6b9bfa45ac65b47528e159dd901598f861615872f4aa9682adbe31dc8b4f0d5a867fb76c70cc1b32fe3432ff953dc1228179cb3d86fab8527dc0ac

  • SSDEEP

    6144:Hq3gCcNoqWYHtSdYnI+tnYDcMbY4FmNzNwm+MhUaYxO1BcC1cgi:Hq3Gz1NlnI+1Kb5KzNVNlPcngi

Targets

    • Cobaltstrike

      Detected a malicious payload that is part of Cobalt Strike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
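The hashes in this report are the indicators most analysts will act on first. The following is an added example, not part of the sandbox report or of any tool it names, that checks whether a file on disk is this sample by computing all four digests and comparing them to the values above. It reports partial matches separately: a file whose MD5 matches but whose SHA256 does not is itself worth a look. The `REPORT_IOCS` constants are copied from the page; everything else (function names, the chunk size, the command-line interface) is an assumption of this example. SSDEEP is left out on purpose because it needs a third-party library rather than the standard library.

```python
"""Hash-based check for the Cobalt Strike sample described in this report.

Added example; the digests in REPORT_IOCS are taken from the report above,
the code around them is not from the report or from any sandbox vendor.
"""
import hashlib
import sys

# Indicators copied from the report above (MD5, SHA1, SHA256, SHA512 of the sample).
REPORT_IOCS = {
    "md5": "fc0c329d5f7d709ac54bcabc29cb68a5",
    "sha1": "d6d26ee2e3d43f6b38da33e284ec31810f9d26fa",
    "sha256": "a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64",
    "sha512": "2890b9b64c6b9bfa45ac65b47528e159dd901598f861615872f4aa9682adbe31"
              "dc8b4f0d5a867fb76c70cc1b32fe3432ff953dc1228179cb3d86fab8527dc0ac",
}

CHUNK_SIZE = 1 << 20  # assumption: 1 MiB reads so large files are not loaded whole


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory blob for every algorithm in REPORT_IOCS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def hash_file(path: str) -> dict:
    """Stream a file through all four hash functions at once and return the digests."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(hashes: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Compare computed digests with the report's indicators.

    Returns which algorithms agree and which disagree. 'is_sample' is only True
    when every indicator in the report matches; a mixed result is surfaced rather
    than silently treated as a match or a miss.
    """
    matched = sorted(
        name for name in iocs if hashes.get(name, "").lower() == iocs[name].lower()
    )
    mismatched = sorted(name for name in iocs if name in hashes and name not in matched)
    return {
        "is_sample": len(matched) == len(iocs),
        "matched": matched,
        "mismatched": mismatched,
    }


def main(argv: list) -> int:
    """Usage: python check_sample.py <file> [<file> ...]; exit 1 if any file is the sample."""
    if not argv:
        print("usage: check_sample.py FILE [FILE ...]", file=sys.stderr)
        return 2
    hit = False
    for path in argv:
        result = match_report(hash_file(path))
        state = "MATCH" if result["is_sample"] else "partial" if result["matched"] else "clean"
        print(f"{path}: {state} matched={result['matched']} mismatched={result['mismatched']}")
        hit = hit or result["is_sample"]
    return 1 if hit else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against a quarantined copy of the file; a non-zero exit code makes it easy to wire into a triage script. The size in the report (315KB) is rounded by the sandbox, so it is deliberately not used as a matching criterion here.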

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 signature

  • Defense Evasion

    Modify Registry (T1112), 2 signatures
