General

  • Target

    cba4dc3944d8b66096c2793cd22c3ead4948491a5305ff854119e3a3f210df66

  • Size

    305KB

  • Sample

    221203-fgvsfsfc58

  • MD5

    c70406bfb78cd8d79f8d413b56889865

  • SHA1

    05f979194b6209dfcd82fe736ea0c1d1d3c28255

  • SHA256

    cba4dc3944d8b66096c2793cd22c3ead4948491a5305ff854119e3a3f210df66

  • SHA512

    6b762d5109da4e3a26ee7a58f89a330a0711d9c859c3ca729646fba8a05c8161544bb56bcdcc168f0741ef09587efea151116bef36011b692c6eae778c177da3

  • SSDEEP

    6144:5GSz+T72Y0STzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOrPECYeixlYGicM:5Gqq7SS6YsY1UMqMZJYSN7wbstOr8fvW

Malware Config

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1

  • Defense Evasion: Modify Registry (T1112), 2