General
-
Target
love.exe
-
Size
15KB
-
Sample
230404-2zdsjscd7z
-
MD5
c90e24612f4dd127f14e514dd7e50a70
-
SHA1
43ad44e76d08a913652baa07fce329a85f0aa763
-
SHA256
6d100b9aa6dc7c1dec1e85f1008700636b5e6052ad474ee9351c7823a33a526e
-
SHA512
95497cfa2c5bf9b9066b25dd88120a84b9efaa3a29e70ae5dcd11a4b532c04b0ca2687beeb5004a073718a50510ba0ab8b6c9e02f7926c19478139e89b22f361
-
SSDEEP
192:AnH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzAlubqUqV/Qjo7AGajSVx:AH+kGKqbOCdWIVBff+xzAlqfCXAnix
Malware Config
Extracted
metasploit
windows/download_exec
http://worried-trigonometry-gw.aws-euw2.cloud-ara.tyk.io:443/api/v2/GetProfilePicture
Extracted
cobaltstrike
1234567890
http://worried-trigonometry-gw.aws-euw2.cloud-ara.tyk.io:443/api/v2/login
-
access_type
512
-
beacon_type
2048
-
host
worried-trigonometry-gw.aws-euw2.cloud-ara.tyk.io,/api/v2/login
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAtQXV0aG9yaXphdGlvbjogQmFzaWMgWVdSdGFXNDZibWxqWlRFeU16UTFOZz09AAAAEAAAADdIb3N0OiB3b3JyaWVkLXRyaWdvbm9tZXRyeS1ndy5hd3MtZXV3Mi5jbG91ZC1hcmEudHlrLmlvAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAtQXV0aG9yaXphdGlvbjogQmFzaWMgWVdSdGFXNDZibWxqWlRFeU16UTFOZz09AAAAEAAAADdIb3N0OiB3b3JyaWVkLXRyaWdvbm9tZXRyeS1ndy5hd3MtZXV3Mi5jbG91ZC1hcmEudHlrLmlvAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkVvKA9d29jZri8nHaX2VFuD2OtZchiFpLydB79nb+kXs3n9SsjyI+8pLKCU0KK86jLWhvMlldtQy9iNBdcrOkfeLEPbf4risJxxuydImuU3DWhRioo3Fk7+4i3egQ0HUabE3pbNQB5eAxIPj1unMzg3wDrnENxlwE1khmFPTpywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/v2/status
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
1234567890
Targets
-
-
Target
love.exe
-
Size
15KB
-
MD5
c90e24612f4dd127f14e514dd7e50a70
-
SHA1
43ad44e76d08a913652baa07fce329a85f0aa763
-
SHA256
6d100b9aa6dc7c1dec1e85f1008700636b5e6052ad474ee9351c7823a33a526e
-
SHA512
95497cfa2c5bf9b9066b25dd88120a84b9efaa3a29e70ae5dcd11a4b532c04b0ca2687beeb5004a073718a50510ba0ab8b6c9e02f7926c19478139e89b22f361
-
SSDEEP
192:AnH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzAlubqUqV/Qjo7AGajSVx:AH+kGKqbOCdWIVBff+xzAlqfCXAnix
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-