General

  • Target

    NEAS.73113cc85f4c4a38fc8eb872d008bf0a59e3669ac5934bf2a38fb89f326e62a9_JC.exe

  • Size

    4.6MB

  • MD5

    ef5fce25927d09ae2e147373c4c64035

  • SHA1

    0db3dc57fb185a640ceb1a8c1fc17abfdf83c886

  • SHA256

    73113cc85f4c4a38fc8eb872d008bf0a59e3669ac5934bf2a38fb89f326e62a9

  • SHA512

    da2b578df4d370699f6c34aaf9ab1c559a5cf206a7a2f550580e47288dab8ef32d7313830d2bc46ec801ee4d9ee1ba403b570878bfd05a8d90195244578461ad

  • SSDEEP

    98304://CHQcsibw8SPLeTtSQo5A8DERxrfExYza4lc+XJFbpVF:XCwcXMHLKyrtxTa5Fp

Malware Config

Extracted

Family

cobaltstrike

C2

http://128.127.104.109:55627/Muj1

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Signatures

  • Cobaltstrike family
  • Detects Pyinstaller (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • NEAS.73113cc85f4c4a38fc8eb872d008bf0a59e3669ac5934bf2a38fb89f326e62a9_JC.exe
    .exe windows:4 windows x86

    05a03ed18d2e75f8c4f1c5bcf287ac56



  • payload4.pyc