General
-
Target
0ca20b85396131dabe5c70b9e5e64365b80a3c67f8d8364850ca6c19cf72d0e5.exe
-
Size
742KB
-
Sample
230506-2yqqqagf3v
-
MD5
d223c81ca946a3b05e69cbfb402cc6d6
-
SHA1
09d31081383bfc112c62cd270ba41b050c68b0eb
-
SHA256
5a6fe08d24beda29fe88d05e659c012e97ebf7ca9df4418582554b4d4a04e418
-
SHA512
4a856c4986476d3e76edecf8470dea55e211a88ed2e6c3ccb230dfb8b28c4a1a6711c55df9834b66abd56dc9b2a0d90ee2e3dd12c97b89ef9184335cb96e6f91
-
SSDEEP
12288:mJj7CZ5Pp4a43ckaYw2S3eNlxwAmvga5JX9p:k+Ppg3cO+O+Hzj
Malware Config
Extracted
cobaltstrike
12345
http://212.118.55.225:4444/scrub
-
access_type
512
-
beacon_type
2048
-
host
212.118.55.225,/scrub
-
http_header1
AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS90aWZmAAAACgAAACZBY2NlcHQtRW5jb2Rpbmc6IGd6aXAgZGVmbGF0ZSBjb21wcmVzcwAAAAcAAAAAAAAADQAAAAMAAAACAAAACXF1X2NzcmY6PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAPAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
18688
-
polling_time
53
-
port_number
4444
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjut9JrLKK+w9sliNjqcmC7WATDBpfR3tamS16uhtcgg7pPmFue7CKzVuD7DJmZpg2fLdeVpMaKL8zGfNvM4pG8nW1PkpRQn0kuyRfmIyxZe1jT8qsL7nOAbXGa+yD56YqTbWtn9C+fsAQ/go2Rl5zMn802fBnOYWkTm+HYIJa8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.025605888e+09
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/e-tailers
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
-
watermark
12345
Targets
-
-
Target
0ca20b85396131dabe5c70b9e5e64365b80a3c67f8d8364850ca6c19cf72d0e5.exe
-
Size
742KB
-
MD5
d223c81ca946a3b05e69cbfb402cc6d6
-
SHA1
09d31081383bfc112c62cd270ba41b050c68b0eb
-
SHA256
5a6fe08d24beda29fe88d05e659c012e97ebf7ca9df4418582554b4d4a04e418
-
SHA512
4a856c4986476d3e76edecf8470dea55e211a88ed2e6c3ccb230dfb8b28c4a1a6711c55df9834b66abd56dc9b2a0d90ee2e3dd12c97b89ef9184335cb96e6f91
-
SSDEEP
12288:mJj7CZ5Pp4a43ckaYw2S3eNlxwAmvga5JX9p:k+Ppg3cO+O+Hzj
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Detects any file with a triage score of 10
This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.
-
Blocklisted process makes network request
-