Overview

overview

10

Static

static

ONE_00034.lnk

windows7-x64

3

ONE_00034.lnk

windows10-2004-x64

7

ONE_00035.lnk

windows7-x64

3

ONE_00035.lnk

windows10-2004-x64

7

ONE_00036.lnk

windows7-x64

3

ONE_00036.lnk

windows10-2004-x64

7

ONE_00037.lnk

windows7-x64

3

ONE_00037.lnk

windows10-2004-x64

7

OneDrive.exe

windows7-x64

1

OneDrive.exe

windows10-2004-x64

1

secur32.dll

windows7-x64

1

secur32.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tbc30_photos (2).zip.zip

  • Size

    1.1MB

  • Sample

    221205-tc2xvsgh8y

  • MD5

    df8040c092303c411a9263e1c2caeb03

  • SHA1

    2999fd7565a4220e28389d2216bb5c822a8a0dcf

  • SHA256

    3ab05fd48549097cea751815c9d023ea905fec74ee8b4c851f296ab2879667ec

  • SHA512

    ba545179750b34379b6509eca6df67d51c6cadf472263a14bd4d8532a41ff0510c196ed44afba1780ca7f291acf0a053249a80e624b928ee5c7741eb8203a6c0

  • SSDEEP

    24576:STHfYF7cGsxidCsOBrp14jXo4o7WEyzeZwGlG7Q/MKe3dPQ2v5CTVZ:STHAFo9g0svjXojkTp7Qk5tQ2EVZ

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Targets

    • Target

      ONE_00034.lnk

    • Size

      1KB

    • MD5

      6c73b331710c52ef2e51e77fa58f0157

    • SHA1

      86038f1def400da07dd49234b55415d32b14a5a4

    • SHA256

      a5f2c40997e7cbb29b006bc64a2594712107b18b00eccc778637dd1d193a75fd

    • SHA512

      c224fadc87b5a0ff5503ac5944ddc79d18f3bf0644ea8605d5162d327d8616a2a440a155f23ef9cef4d6856405ff61da89a495c12aa13f6d3d702ee437e1867d

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      ONE_00035.lnk

    • Size

      1KB

    • MD5

      b20e99f7987ea5ead2dbdad9f02ca657

    • SHA1

      7928d503eff40263855ffe23add5fbb9c0f8750b

    • SHA256

      247f3bbc894e6af7d36c7d7d0a2dd9c8764fcc9fdad385e79e7d5732a2e9e1c9

    • SHA512

      b2ff98aa7aa85494881d52eb092bdda2c1a243abe0ac99f4bb93784b78c8b07bc8e8bab1f5ee145068d161ef33803459a920326dc5b9b2f951fb3b1ec2a9c4d1

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      ONE_00036.lnk

    • Size

      1KB

    • MD5

      3160bdefda43f3e8b629b891c50809c1

    • SHA1

      7fdcfa72bd3c24073c035b4c32e91574915b2ea2

    • SHA256

      485952bfa5ade1103a2c03848c3f25e960a1a8a554664d2e993508d1bb84431f

    • SHA512

      2942c3b5d43e4570bbf0e4c700b81e7b8b5cc0a8ca44efe6035ed365ba8e1bf09233c061a8c5ee528a2b2f1fd9734b37e052d6c826dedb2e419da9c1fa05e9a6

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

    • Target

      ONE_00037.lnk

    • Size

      1KB

    • MD5

      2530380e233caed7355e31c39542e4e4

    • SHA1

      81ef6f503e7790d29227489fc80d9fd9f0cb8157

    • SHA256

      4a4db4b344110ded007ab9a99cdb4b3896488fc2b34903aeaca6f1233811f226

    • SHA512

      62bccc2bd4cc0ec10734ad336f5a563b785f646988f86c0f42fcc220bb8dd4693a6246c263be768d1c4b6641fc25eb9a919d6eaca4666e48430b435def522153

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      OneDrive.exe

    • Size

      2.5MB

    • MD5

      38a126bfa8140b13d2f43c34c0bfc2fd

    • SHA1

      1a162d9a711c7ea4ce83dda23af3730056a09e3c

    • SHA256

      8004874a63c604901af30a5cc10d4377938378369b27f691295ecab6d1c6cbda

    • SHA512

      c6d6bc6db0dd353953e0896e492b11a4ba2c9c78deefe629d761156e5093934f307793e1ebbea7c36abd95be9213acefb89cc49b950d16bf563fe95bd4b48597

    • SSDEEP

      49152:35eyvPf4SBn7zVAs8YXyTtsBP/OlsLzFmNfW6FJKxxfZA4X6:l4y7RRXzBP/OlsLzFmNfW6FJKxxfZA4K

    Score
    1/10
    behavioral10behavioral9

    • Target

      secur32.dll

    • Size

      841KB

    • MD5

      36c8a42e8fef68f80e4d23a8e6d72962

    • SHA1

      73abc6fd13f2559f33cb82ce10cf166f865045ea

    • SHA256

      485eb3abb12b2bf6bc6b77d9d04d0853000f1caa1d70254d70006058d2095e8a

    • SHA512

      d63298ad55099c459df2f19820d14784c5135bf7a86660683a1f86baa04b2a0ea682377ca314a071c41562dbc3dc8f4625bf06b80354e3debca3edf5991cd051

    • SSDEEP

      12288:iWdr/+eRHLUJsWNcRTL2oYzSyvHiI12/Nbkwc93IjfQ1KolnLCC7SMq1:ndr/x/WNcRT/y/iI12/NYwc93N1zb7m

    Score
    10/10
    cobaltstrikebackdoortrojan
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

8
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks