General

  • Target

    be0b6a368e17536a116736e378f0f9febd307dc1f986342bed3ca00af8fc3082

  • Size

    307KB

  • Sample

    221203-gvhwgsed9v

  • MD5

    40631fe7836a97f79434d4a8a103a0a8

  • SHA1

    23639623e8cbde6abe0e4533969c70c5bd82f315

  • SHA256

    be0b6a368e17536a116736e378f0f9febd307dc1f986342bed3ca00af8fc3082

  • SHA512

    0b5bf315c775bd5827f746500be750adb57fbe008a54d1623fa510e6bf728be0a67d9f9c38ece992c6a2af9b6772976fd283bec91b39420d79138e7d5963ef7d

  • SSDEEP

    6144:2qzjmT72Y0SuzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOcPECYeixlYGicfg:2Ce7SS5YsY1UMqMZJYSN7wbstOc8fvev

Malware Config

Targets

    • Target

      be0b6a368e17536a116736e378f0f9febd307dc1f986342bed3ca00af8fc3082

    • Cobaltstrike

      Detected a malicious payload that is part of Cobaltstrike.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 2

Tasks