General
-
Target
b10e55666b13fcfd19fa276aa6d030d34fd777483b21928e685aa1777e78a6ef.exe
-
Size
742KB
-
Sample
230507-gj1xxseb29
-
MD5
2d0fb7459ca199c7813af70543c4ca51
-
SHA1
4bd778f56f92268d2dfb6b6f43fd327fd15b3b63
-
SHA256
a86fdfbd7b8dde3b2e9dc79618f67a44d1e1f916fcd9984f6dcf2735d8ec52fa
-
SHA512
32e91b356c83694f6143927a65a5f2bb7b22331d00cce0fa19ae4697712e0abeb7f2c79ef0afb98c3fe08ad7e9f3b0f930556e4aded38a6cec020a841be2ad85
-
SSDEEP
12288:GNPHB3DDSPPPaQGQ1W4aesryt7D0g7yHo29JdjUQ9MxBBQ:GNJDDSPNN6eso2bdjUzBQ
Malware Config
Extracted
cobaltstrike
12345
http://fllrnd.com:443/scrub
-
access_type
512
-
beacon_type
2048
-
host
fllrnd.com,/scrub
-
http_header1
AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS90aWZmAAAACgAAACZBY2NlcHQtRW5jb2Rpbmc6IGd6aXAgZGVmbGF0ZSBjb21wcmVzcwAAAAcAAAAAAAAADQAAAAMAAAACAAAACXF1X2NzcmY6PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAPAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
18688
-
polling_time
53
-
port_number
443
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjut9JrLKK+w9sliNjqcmC7WATDBpfR3tamS16uhtcgg7pPmFue7CKzVuD7DJmZpg2fLdeVpMaKL8zGfNvM4pG8nW1PkpRQn0kuyRfmIyxZe1jT8qsL7nOAbXGa+yD56YqTbWtn9C+fsAQ/go2Rl5zMn802fBnOYWkTm+HYIJa8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.025605888e+09
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/e-tailers
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
-
watermark
12345
Targets
-
-
Target
b10e55666b13fcfd19fa276aa6d030d34fd777483b21928e685aa1777e78a6ef.exe
-
Size
742KB
-
MD5
2d0fb7459ca199c7813af70543c4ca51
-
SHA1
4bd778f56f92268d2dfb6b6f43fd327fd15b3b63
-
SHA256
a86fdfbd7b8dde3b2e9dc79618f67a44d1e1f916fcd9984f6dcf2735d8ec52fa
-
SHA512
32e91b356c83694f6143927a65a5f2bb7b22331d00cce0fa19ae4697712e0abeb7f2c79ef0afb98c3fe08ad7e9f3b0f930556e4aded38a6cec020a841be2ad85
-
SSDEEP
12288:GNPHB3DDSPPPaQGQ1W4aesryt7D0g7yHo29JdjUQ9MxBBQ:GNJDDSPNN6eso2bdjUzBQ
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Detects any file with a triage score of 10
This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.
-