General
-
Target
03ccd9ab1ff49b374c233aa89e45b683cbf3b7ee87b3a257421c4e541330ae3e
-
Size
5.6MB
-
Sample
231010-3sy1ksha5v
-
MD5
2e73b0ade618cdc967165d1310eec29c
-
SHA1
b56638a0e6d46f29bb32bcd5274bb9c8d58b56d8
-
SHA256
03ccd9ab1ff49b374c233aa89e45b683cbf3b7ee87b3a257421c4e541330ae3e
-
SHA512
264aea5bff72ca246f1b0b5219220a215aa5bbcc0efd716bc65c7c642702050ef87d50c39cf8479a28dfdc4e04624e5c365a7c01791dcfd18f3c8e8d6e5debbb
-
SSDEEP
98304:XMWfDc9W4i3yiI7HuSjOCf6xD/RRI+iZ7q1zPPXNAjtVa/u:UruyiYHs1xlRI+7NAjtVa/u
Malware Config
Extracted
cobaltstrike
666666
http://css.bustring.com:443/safebrowsing/QVXHQf/QVXHQfXdpinARC06MctcJ4hprcWoBIZaDp2-M
-
access_type
512
-
beacon_type
2048
-
host
css.bustring.com,/safebrowsing/QVXHQf/QVXHQfXdpinARC06MctcJ4hprcWoBIZaDp2-M
-
http_header1
AAAAEAAAAB5Ib3N0OiBhcGkuYWN0aXZlLW1pY3Jvc29mdC5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAABwAAAAAAAAALAAAAAgAAAA9SRUY9SUQ9UVZYSFFmeWYAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAAB5Ib3N0OiBhcGkuYWN0aXZlLW1pY3Jvc29mdC5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAABwAAAAAAAAALAAAAAgAAAA9SRUY9SUQ9UVZYSFFmeWYAAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
30000
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZFVu69HEHoxtabkylaXLTONOa7sbbaTxinK8LCf7IOw6k9xtHahhn/phltzTgYu9ZYS1ugMrlB8Ik2/F8CTX+o5xgIQJU6is7Dj7ggXGamS89VZdp9f5U58EGa97acrc6Ga9zXeW/q1HBFfSnEuEt7SlJlVZOTgNldOiN5zpXTQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/safebrowsing/QVXHQf/QVXHQfyfH5BrChprcWoBIZaDp2-M
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3943.0 Safari/537.36 Edg/79.0.308.1
-
watermark
666666
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
03ccd9ab1ff49b374c233aa89e45b683cbf3b7ee87b3a257421c4e541330ae3e
-
Size
5.6MB
-
MD5
2e73b0ade618cdc967165d1310eec29c
-
SHA1
b56638a0e6d46f29bb32bcd5274bb9c8d58b56d8
-
SHA256
03ccd9ab1ff49b374c233aa89e45b683cbf3b7ee87b3a257421c4e541330ae3e
-
SHA512
264aea5bff72ca246f1b0b5219220a215aa5bbcc0efd716bc65c7c642702050ef87d50c39cf8479a28dfdc4e04624e5c365a7c01791dcfd18f3c8e8d6e5debbb
-
SSDEEP
98304:XMWfDc9W4i3yiI7HuSjOCf6xD/RRI+iZ7q1zPPXNAjtVa/u:UruyiYHs1xlRI+7NAjtVa/u
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Executes dropped EXE
-
Loads dropped DLL
-