General
-
Target
beacon.ps1
-
Size
3KB
-
Sample
230313-srbhsaah87
-
MD5
a73f8c819df8a95eec32baad67e8c4ff
-
SHA1
7337b79dca14f203b6951155fe0dd08c5267f101
-
SHA256
781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543
-
SHA512
e545ed699fccaa394f711d01010395135418e4daa97795b1f6f4289df50067ef09e755161b4b375ef942600c9625cdb793b9258fe39ef0a67c1939b941e499c1
Behavioral task
behavioral1
Sample
beacon.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
beacon.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://27.122.56.137:443/components/remove.gif
-
user_agent
Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Targets
-
-
Target
beacon.ps1
-
Size
3KB
-
MD5
a73f8c819df8a95eec32baad67e8c4ff
-
SHA1
7337b79dca14f203b6951155fe0dd08c5267f101
-
SHA256
781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543
-
SHA512
e545ed699fccaa394f711d01010395135418e4daa97795b1f6f4289df50067ef09e755161b4b375ef942600c9625cdb793b9258fe39ef0a67c1939b941e499c1
Score10/10-
Blocklisted process makes network request
-