General
-
Target
a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3
-
Size
6.2MB
-
Sample
231123-natwkshd75
-
MD5
7e21cf20651a73c27fa14868c91483af
-
SHA1
b62f66d2a4b32324ee62b278bae553263ea6db7b
-
SHA256
a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3
-
SHA512
4a7d95399ba765e520c6ee4a48376d589ebba499cd0042367694cdf5e7fbf7b6594c345eda6d9d4f8e8e0331554105b39ece611b431d4942952a2b94bc65f043
-
SSDEEP
98304:b6/Vqlrcw+CJWqpC2h4MtK5qg5l5yATE:eVqtx+CFpyyT
Static task
static1
Behavioral task
behavioral1
Sample
a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
http://192.168.1.145:8088/Restrict/v8.12/RTFSPGTO
-
user_agent
Accept: image/*, application/xhtml+xml, text/html
Accept-Language: mt
Accept-Encoding: *, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Targets
-
-
Target
a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3
Score
10/10