General

  • Target

    defc35870b938efd3d3ce07919ed5ee56f7164bb26425e92bb4c2d6c03661828

  • Size

    153KB

  • MD5

    97bacafea2e5b1fc7f5ae3fb8b870344

  • SHA1

    a6437ce7a18be70126cf1440bc4dbc7791be442d

  • SHA256

    defc35870b938efd3d3ce07919ed5ee56f7164bb26425e92bb4c2d6c03661828

  • SHA512

    d78d8083e16c043c29c7717b71441aacf2ed8e3f25aa00d64e56e85432fc2e1244b0ff94afee8e4064e5ad09ab0ff4bbeb28da2c964cc1a08444adcb2631d0f7

  • SSDEEP

    3072:YeWOtFB4MCx1SYgoL2j9gZ++93b2toxESFWIYZ23s9:YeWsIxQoL2N6bfhFAZgs

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://res.youth.cn:80/meCore.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: vip.iqiyi.com Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • defc35870b938efd3d3ce07919ed5ee56f7164bb26425e92bb4c2d6c03661828
    .exe windows x64

    9eeaf96080b8cc52b95f630937b57175
