General

  • Target

    bfb3c9fcad31b69e33f4167583c9caee3e23b5e21eba695ab417bc7f5cd71ac6

  • Size

    305KB

  • Sample

    221203-gn844aae76

  • MD5

    58a2143fe02f4c366f63b43fd5d37fc6

  • SHA1

    86509cc545d83f329556fe2118ec1cc9ec3e7a58

  • SHA256

    bfb3c9fcad31b69e33f4167583c9caee3e23b5e21eba695ab417bc7f5cd71ac6

  • SHA512

    1a4ed646ad6f5ed0d0b251820e6e281bb66277fd783a929762ff4f12ce95266b154a7109bfaf8c3cb1a724506abb7e4f332f3fd8716d5797ec03d6c53877a848

  • SSDEEP

    6144:5GSzsT72Y0SWzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOQPECYeixlYGicA:5GqQ7SSxYsY1UMqMZJYSN7wbstOQ8fvK

Malware Config

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060) — 1

  • Defense Evasion

    Modify Registry (T1112) — 2

Tasks