General

  • Target

    0848b48fc5a44e475b6cbfccef42c1ad67d20594761c5a8e80b2c35537da12d5

  • Size

    25KB

  • MD5

    e54e65ee42980571710f539fb6b06eae

  • SHA1

    d44da7650e760b4fc59f54ce2769b3638ea2fa73

  • SHA256

    0848b48fc5a44e475b6cbfccef42c1ad67d20594761c5a8e80b2c35537da12d5

  • SHA512

    c41829ce9014e81adcc1ced751c753135308967aebc382d59fce06e449e69c447311557fcf07e609007281fd2e1d2ab6741ed3dbe6d7431f51e9f4495b424764

  • SSDEEP

    384:jxKrRMsQWH/iBJ5cXCR1TRo8ol60E3SXdNWeB1ocJ2+E3bK0/PdYsja9/V14:jxWJH/q5/7TWl6rSXdIc1MWc0V14

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.158.36.222:442/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://code.jquery.com/
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0848b48fc5a44e475b6cbfccef42c1ad67d20594761c5a8e80b2c35537da12d5
    .exe windows:4 windows x64 arch:x64

