General
-
Target
SF_x64.exe
-
Size
89KB
-
Sample
230906-kpehnaec8t
-
MD5
487117ca651ed66808e23c009ac94520
-
SHA1
d0576dad13f609fb36f15cf2472f88bc7b791aef
-
SHA256
7103985551806cfbea131c1af3c1495de0c283a1fc92fb1d9cebb843ed9b68bf
-
SHA512
e468e75bb7cb18a775ddcb4600d02de405c44f8ea5cee0422b00f70fe8a8f2dd927911f0a43b81c346cdd3272ee85197470ceceaa67c06253f4b179ecfbdaea1
-
SSDEEP
1536:8o7JZJ5Orn1K2A/orOFtXxRh9CES7uyHro8LTPsWsZdc9dlQoMV5l4y0SmzRSYiM:8o7fJ5OJKrQyXhRrCES7uyL7LTGzUZMq
Malware Config
Extracted
cobaltstrike
http://154.8.172.94:443/Restrict/v8.12/RTFSPGTO
-
user_agent
Accept: image/*, application/xhtml+xml, text/html Accept-Language: mt Accept-Encoding: *, gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Extracted
cobaltstrike
100000
http://154.8.172.94:443/Compare/v2.66/G6EBS8VJR0
-
access_type
256
-
beacon_type
2048
-
host
154.8.172.94,/Compare/v2.66/G6EBS8VJR0
-
http_header1
AAAACgAAACtBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgdGV4dC9odG1sLCBpbWFnZS8qAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6ICosIGlkZW50aXR5AAAACgAAAIRDb29raWU6IE1pY3Jvc29mdEFwcGxpY2F0aW9uc1RlbGVtZXRyeURldmljZUlkPTk1YzE4ZDgtNGRjZTk4NTQ7Q2xpZW50SWQ9MUMwRjZDNUQ5MTBGOTtNU1BBdXRoPTNFa0FqREtqSTt4aWQ9NzMwYmY3O3dsYTQyPURDSmxydWhJdE0AAAAHAAAAAAAAAA0AAAAFAAAAAndhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAADpBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbCwgYXBwbGljYXRpb24veGh0bWwreG1sAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGFyLWx5AAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCAqAAAABwAAAAAAAAAPAAAADQAAAAUAAAAJX1lXTkpPR0NSAAAABwAAAAEAAAAPAAAACwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
10049
-
port_number
443
-
sc_process32
%windir%\syswow64\notepad.exe
-
sc_process64
%windir%\sysnative\consent.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSLuD745dPVr6eukeOXnNQvHbLqlvtwntpjLWIecUeqVCi7oqGyzymIJU/U83oHGyj3jH5bjUibF7B+eiBR3JUKOhOwgn0vnp69BxM6V6qiLaDW5d5uYNIb5st0fz3i08PSdtfrd2XyYTGn6jvTYg1wVZaqLpUKQFEejla3KJ4jQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.532302592e+09
-
unknown2
AAAABAAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/alert/extra/A7M1XKX85L6I
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
-
watermark
100000
Targets
-
-
Target
SF_x64.exe
-
Size
89KB
-
MD5
487117ca651ed66808e23c009ac94520
-
SHA1
d0576dad13f609fb36f15cf2472f88bc7b791aef
-
SHA256
7103985551806cfbea131c1af3c1495de0c283a1fc92fb1d9cebb843ed9b68bf
-
SHA512
e468e75bb7cb18a775ddcb4600d02de405c44f8ea5cee0422b00f70fe8a8f2dd927911f0a43b81c346cdd3272ee85197470ceceaa67c06253f4b179ecfbdaea1
-
SSDEEP
1536:8o7JZJ5Orn1K2A/orOFtXxRh9CES7uyHro8LTPsWsZdc9dlQoMV5l4y0SmzRSYiM:8o7fJ5OJKrQyXhRrCES7uyL7LTGzUZMq
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-