General
-
Target
09a924180d8b54cdfe083be1ea86b69c6490be9066dced4586f4f97b50b26389
-
Size
513KB
-
Sample
231108-a652tsba4x
-
MD5
fc35c5ba1c441a43f7318230d7481db7
-
SHA1
a5cc16d210c744fa3b94c6fc3aae3c7df2ca9e65
-
SHA256
09a924180d8b54cdfe083be1ea86b69c6490be9066dced4586f4f97b50b26389
-
SHA512
297de377023531e89fb1bb3ca254d25899d557ed1719b182204dbe4ab1ac4d74a7f0bbaf2d51724bc0abe560bf87fe60c4c52a49f1f8b67cdd54e33d1e74d84c
-
SSDEEP
6144:i8GXEi1MyS5+eLVTzivHH1v34Gu+KzHbrkA0/ii9SDQtuFshEOMROwFty1RYRbhF:uCySzCHVvXWHs//0DGXSFtyohqA
Malware Config
Extracted
cobaltstrike
426352781
http://sync.outlookdns.xyz:53/users/sign_in
-
access_type
512
-
beacon_type
256
-
host
sync.outlookdns.xyz,/users/sign_in
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
1000
-
port_number
53
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLWGmhzGyua98cFtHz6akMVwmHa7JyeN4KZxkbeifFhaBrUvrZy2ZwI0zWS+Bcbcps7nScypIOUNv/NXFeiBedTO5ZHf2cNC+seFh9tNLMmNaXH+nA0FblNrPsHWcqn0HrOVnqkSXqH/L1lmScZZZ+p1N9b1mlSpHLOGm3PMACBwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.463386368e+09
-
watermark
426352781
Targets
-
-
Target
09a924180d8b54cdfe083be1ea86b69c6490be9066dced4586f4f97b50b26389
-
Size
513KB
-
MD5
fc35c5ba1c441a43f7318230d7481db7
-
SHA1
a5cc16d210c744fa3b94c6fc3aae3c7df2ca9e65
-
SHA256
09a924180d8b54cdfe083be1ea86b69c6490be9066dced4586f4f97b50b26389
-
SHA512
297de377023531e89fb1bb3ca254d25899d557ed1719b182204dbe4ab1ac4d74a7f0bbaf2d51724bc0abe560bf87fe60c4c52a49f1f8b67cdd54e33d1e74d84c
-
SSDEEP
6144:i8GXEi1MyS5+eLVTzivHH1v34Gu+KzHbrkA0/ii9SDQtuFshEOMROwFty1RYRbhF:uCySzCHVvXWHs//0DGXSFtyohqA
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-