General

  • Target

    c86256cfd976476c5da03561b10a63f9e26e61a3711c536eeeccef58468b1d5b

  • Size

    307KB

  • Sample

    221203-fs92hsgc34

  • MD5

    fdadf3a0959be55bf52250a2b91c85fd

  • SHA1

    7756c28eccd7521767be42b608d3b803b2d32cc0

  • SHA256

    c86256cfd976476c5da03561b10a63f9e26e61a3711c536eeeccef58468b1d5b

  • SHA512

    a199b179c9d6014814ac90084059ce755ba9657f9ceba0405cb658798a57e929d26f19b6ee20d7fa288ea86ebb7fba6056f77514d3855fcc4e526489bacb9eaa

  • SSDEEP

    6144:K0vzvT72Y0S2zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOMPECYeixlYGicF:K0br7SSRYsY1UMqMZJYSN7wbstOM8fvD

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1

  • Defense Evasion: Modify Registry (T1112), 2
