General

  • Target

    781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543.zip

  • Size

    2KB

  • Sample

    230321-rw7lcaba69

  • MD5

    7a554af5b5377b5dc933fd64d04bc9db

  • SHA1

    4349952e154fd8618788e0946dca47772514dfb7

  • SHA256

    122f3cf1641277290e58e5e5b35b490633362a26ae51f0b28c983d2af220f0ee

  • SHA512

    2b5cca22d9c97d69cc31ddfa422e11b468c71dcf5bec366d2833819037e97b6c62c5d0b45832c2533257603fb1e841efe7454a61870e9be4b3a06d3bf216c96a

Malware Config

Extracted

Family

cobaltstrike

C2

http://27.122.56.137:443/components/remove.gif

Attributes

  • user_agent

    Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36

Targets

    • Target

      781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543.ps1

    • Size

      3KB

    • MD5

      a73f8c819df8a95eec32baad67e8c4ff

    • SHA1

      7337b79dca14f203b6951155fe0dd08c5267f101

    • SHA256

      781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543

    • SHA512

      e545ed699fccaa394f711d01010395135418e4daa97795b1f6f4289df50067ef09e755161b4b375ef942600c9625cdb793b9258fe39ef0a67c1939b941e499c1

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Blocklisted process makes network request
