General
-
Target
4a7a56f682dc5e4b82e29c019f8960552d4608b88bbcf4144c173239763991a6.exe
-
Size
742KB
-
Sample
230506-1l1jqabb6v
-
MD5
99d1a92b31c137d6a8a48f3f62157b8e
-
SHA1
a18432e8c8d5f9c3a63ee3b5b273d2a6f84f75de
-
SHA256
8c5d48dfdb6c4ccaf83632883409198faa0dde2d71b3325bb79128b66a8d82e3
-
SHA512
5943c3219984abcbc5859b172e906c44980e891e42081b8edc91e70fe6a2e0f44f99fbc39e1824f9bbef6013800a0495182a9cc2955aefdf7083c62ed5c12269
-
SSDEEP
12288:4bebYM8UoFc8n1Qlhuo+qCFmPuc6ZWprhnlmu4erHBojP:kMOhn1QuohRPdqWpr02m
Malware Config
Extracted
cobaltstrike
12345
http://peiploersea.com:443/boost.mpeg
-
access_type
512
-
beacon_type
2048
-
host
peiploersea.com,/boost.mpeg
-
http_header1
AAAAEAAAABVIb3N0OiBwZWlwbG9lcnNlYS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAIAAAAAwAAAAIAAAAHYW0tdWlkPQAAAAYAAAAGQ29va2llAAAACQAAAAtoZWxsbz1mYWxzZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABVIb3N0OiBwZWlwbG9lcnNlYS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABVBY2NlcHQtRW5jb2Rpbmc6IGd6aXAAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAADAAAAAwAAAAIAAAALYWNjdW11bGF0ZT0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
15104
-
polling_time
32
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAML0E8xUAUo5ZuvGmQuFUxxyNG32mI3w75mAYVn0/rfqGbkLGz+drOupRIFqJNigkzVYxenSKojhtTWTYGx23LDME3MXV2M8RVkuuvCJA8N9y4xgt83n8JIAmDom67824gcXfBnFLt5NILFHGyyImz9rxf89UzYm2jskVszjkJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.6052864e+08
-
unknown2
AAAABAAAAAIAAAFTAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/please
-
user_agent
Mozilla/5.0 (Linux; Android 6.0; MYA-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
-
watermark
12345
Targets
-
-
Target
4a7a56f682dc5e4b82e29c019f8960552d4608b88bbcf4144c173239763991a6.exe
-
Size
742KB
-
MD5
99d1a92b31c137d6a8a48f3f62157b8e
-
SHA1
a18432e8c8d5f9c3a63ee3b5b273d2a6f84f75de
-
SHA256
8c5d48dfdb6c4ccaf83632883409198faa0dde2d71b3325bb79128b66a8d82e3
-
SHA512
5943c3219984abcbc5859b172e906c44980e891e42081b8edc91e70fe6a2e0f44f99fbc39e1824f9bbef6013800a0495182a9cc2955aefdf7083c62ed5c12269
-
SSDEEP
12288:4bebYM8UoFc8n1Qlhuo+qCFmPuc6ZWprhnlmu4erHBojP:kMOhn1QuohRPdqWpr02m
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Detects any file with a triage score of 10
This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.
-