General
-
Target
8f02db051024b4431c0bd5beb7d666a9f717e3a6386f24a11857ca5b92ce617c
-
Size
216KB
-
Sample
231103-wapwmahg57
-
MD5
d2fd12b6af179ae7c4ad6a090f7d5c25
-
SHA1
516f3edd3c00776f4c325decb6ddf29a6f1d2fd3
-
SHA256
8f02db051024b4431c0bd5beb7d666a9f717e3a6386f24a11857ca5b92ce617c
-
SHA512
d59136a39cbe504d9f30b8f52cef83121953dfefc17ae0e79f9d39872362cb3004229f0dc9d050a044787c2ddc7929722a74413e29ed4780871c88c50317712a
-
SSDEEP
3072:kK8DwCtyxm16c2mvM7XpQoyq8f2Rc5XLYf+qdddkg7BiOxjbHoc:kK8DwFm16QgqJEfCGdc
Malware Config
Extracted
cobaltstrike
1580103824
http://paymentsolo.online:443/menu/dashboard/6TRE23
-
access_type
512
-
beacon_type
2048
-
host
paymentsolo.online,/menu/dashboard/6TRE23
-
http_header1
AAAAEAAAABhIb3N0OiBwYXltZW50c29sby5vbmxpbmUAAAAKAAAAC0FjY2VwdDogKi8qAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAABVTZWMtRmV0Y2gtRGVzdDogZW1wdHkAAAAKAAAAFFNlYy1GZXRjaC1Nb2RlOiBjb3JzAAAACgAAABpTZWMtRmV0Y2gtU2l0ZTogY3Jvc3Mtc2l0ZQAAAAcAAAAAAAAAAwAAAAIAAAAKUEhQU0VTU0lEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABhIb3N0OiBwYXltZW50c29sby5vbmxpbmUAAAAKAAAAC0FjY2VwdDogKi8qAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAAEhBY2Nlc3MtQ29udHJvbC1SZXF1ZXN0LUhlYWRlcnM6IGNvbnRlbnQtdHlwZSx4LWdvb2ctYXBpLWtleSx4LXVzZXItYWdlbnQAAAAKAAAAFVNlYy1GZXRjaC1EZXN0OiBlbXB0eQAAAAoAAAAUU2VjLUZldGNoLU1vZGU6IGNvcnMAAAAKAAAAGlNlYy1GZXRjaC1TaXRlOiBjcm9zcy1zaXRlAAAABwAAAAAAAAADAAAAAgAAAApQSFBTRVNTSUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjkWvHnxN+a3eaUDaQ4sLAhhbALgwfkCSfxkz5OIOOQa/XO+oxZg5yD6F9uyQmvtwZMhku91jaGiJpf8qJQxOzsTZWeVsHyzFj6qZLOvTGzMM2A8/2S6Il5UvEImGXtsE7o+2AWBhEGFteJKcHtc1eJkWKbVkCBYbGknkcYgT/zQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/menu/dashboard/6JSM74
-
user_agent
Mozilla/5.0 (Linux; Android 8.1.0; CPH1853) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Mobile Safari/537.36 EdgA/110.0.1588.77
-
watermark
1580103824
Targets
-
-
Target
8f02db051024b4431c0bd5beb7d666a9f717e3a6386f24a11857ca5b92ce617c
-
Size
216KB
-
MD5
d2fd12b6af179ae7c4ad6a090f7d5c25
-
SHA1
516f3edd3c00776f4c325decb6ddf29a6f1d2fd3
-
SHA256
8f02db051024b4431c0bd5beb7d666a9f717e3a6386f24a11857ca5b92ce617c
-
SHA512
d59136a39cbe504d9f30b8f52cef83121953dfefc17ae0e79f9d39872362cb3004229f0dc9d050a044787c2ddc7929722a74413e29ed4780871c88c50317712a
-
SSDEEP
3072:kK8DwCtyxm16c2mvM7XpQoyq8f2Rc5XLYf+qdddkg7BiOxjbHoc:kK8DwFm16QgqJEfCGdc
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Blocklisted process makes network request
-