General
-
Target
4afbc363.exe
-
Size
10.9MB
-
Sample
230704-kta12abg24
-
MD5
7a94e3afa9b82ddc73184ee0349fc022
-
SHA1
47cf0b7e2848f74b71478cbb80dd2eb338fd3181
-
SHA256
15ef1811e340b32689a63154839dc7585f4fdc4acc7a2433a57c3f3b3c0763ff
-
SHA512
f591e2ad88b3646007182b135764da0a7de2045ed139094c3ebf8e4e353e319d608e9bc36bcdc1dd6b291ec717f50eae4e9efa10829d49b49ba0db3a18c7b3ac
-
SSDEEP
196608:yaLaAXcHL2Vmd6+DTrLZy7YM30Lzajk/1q3+dgSXpAmA0W8/LaVr0KVQT:ZxcHL2Vmd6mT0Gzajaq3+d9XSmHW8g0N
Behavioral task
behavioral1
Sample
4afbc363.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
4afbc363.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
cobaltstrike (first stage; this block appears to be the stager download URL — note the http:// scheme on TCP 443, i.e. plain HTTP rather than TLS)
http://1.117.176.254:443/bootstrap-2.min.js
-
user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Host: 360.com
(the extracted value embeds a hard-coded `Host: 360.com` header while the connection is made to the raw IP 1.117.176.254 — a Host-header masquerade; matching on Host/IP mismatches of this kind in proxy logs is a useful detection)
Extracted
cobaltstrike
100000
http://1.117.176.254:443/pixel.gif
-
access_type
512
-
beacon_type
2048
-
host
1.117.176.254,/pixel.gif
-
http_header1 (base64-encoded malleable C2 header transform for the GET channel; it decodes to the headers `Accept: */*`, `Accept-Language: en-us`, `Accept-Encoding: text/plain`, `Content-Type: application/x-www-form-urltrytryd` and a `Cookie` header prefixed with `SESSIONID=wqe454wqe2ds15ds4dsa5ds4` — the misspelled Content-Type and the fixed cookie prefix are profile-specific and make good network signatures)
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi11cwAAAAoAAAAbQWNjZXB0LUVuY29kaW5nOiB0ZXh0L3BsYWluAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsdHJ5dHJ5ZAAAAAcAAAAAAAAAAwAAAAIAAAAiU0VTU0lPTklEPXdxZTQ1NHdxZTJkczE1ZHM0ZHNhNWRzNAAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
(value not preserved in this copy of the report — the POST-channel header transform is missing here, not absent from the sample)
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
3000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine (label is the parser's field name; the base64 value begins with the DER SubjectPublicKeyInfo prefix `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ`, i.e. it is the beacon's 1024-bit RSA public key, zero-padded)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQOS1tdAHzcNgyjUTH+CrnnE2PDel3qW6WADi7pZZQ68UGwCRh15Sgxaz4agqp55YEbz0yo5I/6k75mr+EsHZOKM5UiQQepX0MARLEMkMCMRg0Kow4GR0t8bPQhc2EOTO1eI9oth6jy4caAiPC3kGIYsjNXv3ELHzvE25gljx71wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09 (the integer 1481970944 rendered as a float by the parser; its meaning is not established by this report)
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Login.php
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
4afbc363.exe
-
Size
10.9MB
-
MD5
7a94e3afa9b82ddc73184ee0349fc022
-
SHA1
47cf0b7e2848f74b71478cbb80dd2eb338fd3181
-
SHA256
15ef1811e340b32689a63154839dc7585f4fdc4acc7a2433a57c3f3b3c0763ff
-
SHA512
f591e2ad88b3646007182b135764da0a7de2045ed139094c3ebf8e4e353e319d608e9bc36bcdc1dd6b291ec717f50eae4e9efa10829d49b49ba0db3a18c7b3ac
-
SSDEEP
196608:yaLaAXcHL2Vmd6+DTrLZy7YM30Lzajk/1q3+dgSXpAmA0W8/LaVr0KVQT:ZxcHL2Vmd6mT0Gzajaq3+d9XSmHW8g0N
Score 10/10
Loads dropped DLL
-