General
-
Target
a692705d5d4f4d80d2e3a57d2211ba7399a004e0a78c785b918b4ca129cbd532
-
Size
2.8MB
-
Sample
231212-q8t1cadhep
-
MD5
40508fa4de4566d8e75e719679ae2f78
-
SHA1
074649558a7e2d6984e9e58342e37e376754ccb1
-
SHA256
a692705d5d4f4d80d2e3a57d2211ba7399a004e0a78c785b918b4ca129cbd532
-
SHA512
57ef0073716a42d7523211451f206a28f42f1d602c8876b465891a41db4e4d9c8344cb492b6b4a05dcb28550f5614d7225ffd6ede0e17bbb046ea7d1bb30559c
-
SSDEEP
49152:cqu+8x/q+rl0kjUKSuM95oSKtFdbOGAdhUnD3jn:ru7dLjUK5M9dKvtOldmjn
Malware Config
Extracted
cobaltstrike
http://dashboard.acamasystems.com:443/techdocs/5135A1D6DE8BCDE33D02668E4C0FEDD8.gif
-
user_agent
Host: dashboard.acamasystems.com Connection: close Accept: */* Accept-Encoding: gzip, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.6
Extracted
cobaltstrike
674054486
http://acamasystems.com:443/en_AU.html.css
-
access_type
512
-
beacon_type
2048
-
host
acamasystems.com,/en_AU.html.css
-
http_header1
AAAAEAAAACBIb3N0OiBkYXNoYm9hcmQuYWNhbWFzeXN0ZW1zLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGUFjY2VwdC1FbmNvZGluZzogZ3ppcCwgYnIAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAHAAAAAAAAAAsAAAADAAAAAgAAABFta3RWaXNpdG9yQ29va2llPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAACBIb3N0OiBkYXNoYm9hcmQuYWNhbWFzeXN0ZW1zLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAACAAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
61494
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCevyF3eXVK2z59zcU1H0sEbKNsbAqAqvmWQJxu1p2HsaO/gNzvozBZOMJMThrU90AsQXorGAkYMx7fYQilywDS+tufr8puqZeI0p3Eao69fVN5ImPA+IbvxdHumfmIkD+ITf+0xxpr0ntxcteOUCZzGPPkNDQvgfm1DpSuwaCvsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
8.50405888e+08
-
unknown2
AAAABAAAAAIAAAWGAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/subscriptions
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.6
-
watermark
674054486
Targets
-
-
Target
a692705d5d4f4d80d2e3a57d2211ba7399a004e0a78c785b918b4ca129cbd532
-
Size
2.8MB
-
MD5
40508fa4de4566d8e75e719679ae2f78
-
SHA1
074649558a7e2d6984e9e58342e37e376754ccb1
-
SHA256
a692705d5d4f4d80d2e3a57d2211ba7399a004e0a78c785b918b4ca129cbd532
-
SHA512
57ef0073716a42d7523211451f206a28f42f1d602c8876b465891a41db4e4d9c8344cb492b6b4a05dcb28550f5614d7225ffd6ede0e17bbb046ea7d1bb30559c
-
SSDEEP
49152:cqu+8x/q+rl0kjUKSuM95oSKtFdbOGAdhUnD3jn:ru7dLjUK5M9dKvtOldmjn
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-