General
-
Target
2a944dce9abc515386c432501b20145b.bin
-
Size
249KB
-
Sample
230525-bgna6aga4x
-
MD5
3e7b86752f1eb09a6eb57cbef32cad44
-
SHA1
79d19dea1a7d0626819f161554f02b27e58f096f
-
SHA256
7e027244b341d5c631752657075657a9bcf96709fcbc1ef156fab87703d17ad5
-
SHA512
5cdc378ade67b8fe2e82cc55981d1ac69ec377312a6a62eab612c0f1279d973eac34a2d7a2fd26d0f3ad0d697ee89742e8627bef7f461a4157ad647626399851
-
SSDEEP
6144:h0fhupx8wI8MkjoMsMWNpPolOMbjJ9RXxEWaodoII8BP9fceaGDHwULMjW:dz8Tc0pPolOMhnBYIIw9iGDn3
Malware Config
Extracted
cobaltstrike
206546002
http://ns1.standwithukraine.space:53/jp
http://dns.standwithukraine.space:53/jp
http://ns1.costacancordia.com:53/jp
http://dns.costacancordia.com:53/jp
-
access_type
512
-
beacon_type
256
-
host
ns1.standwithukraine.space,/jp,dns.standwithukraine.space,/jp,ns1.costacancordia.com,/jp,dns.costacancordia.com,/jp
-
http_method1
GET
-
http_method2
POST
-
jitter
15104
-
maxdns
255
-
polling_time
3787
-
port_number
53
-
sc_process32
%windir%\system32\rundll32.exe
-
sc_process64
%windir%\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/iQCzmFBYUVJ2+eEgzD6SkTt+odT8YoXIEQjp9HtvNA/SPk9R0dDQnfYAMcxec6FedWLiljJ75UdE9zDVyae2BlItqFBS8SrQdP9+jUWOGpZILAe8mwQbwknlupdZ892UgBSxSdftg0Q5Pd5Z8BmqrLngVncgqh/d6PQX8YAGOQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.43751424e+08
-
watermark
206546002
Targets
-
-
Target
ec621d8d37fd8e0032228b3d756f2dc557f22b9b7e9fa02d3c53106d63644748.exe
-
Size
447KB
-
MD5
2a944dce9abc515386c432501b20145b
-
SHA1
67358ee6d13c05f1b7b5438f54596fdba4542974
-
SHA256
ec621d8d37fd8e0032228b3d756f2dc557f22b9b7e9fa02d3c53106d63644748
-
SHA512
7a17c729213fff476a02f5443904127fe9d271a33e0a797c7349150312888de2d82c64caf003084611e215bc553f115c2d151363e11b45691333f8c6ad9d3fce
-
SSDEEP
12288:48EZ80Fq9Hgu5hrFkiaBHXgbw+kw3TB0:JK84yCiWHXgc+k80
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-