General
-
Target
5391bffded090573deb4e5af5c80a617d1bbc351235ad05a4a7b69fcc363bc60
-
Size
1.4MB
-
Sample
231222-vb2fdacgb9
-
MD5
e369327e38fe8e3a1adf10407f9cdda7
-
SHA1
3b48c9481778e65867c39364641a1bb9fdfd0286
-
SHA256
5391bffded090573deb4e5af5c80a617d1bbc351235ad05a4a7b69fcc363bc60
-
SHA512
c80905756d071b1ae440cd692e44189e133eb67c5eb39d240740558130deb54ab87e0bfa144c5dcc60b94426c6c07856e84a74b4656d359b213a60b2faf7e684
-
SSDEEP
24576:lOTX442j7cqcaK0YQBrMItkPJXBwCZEO53KwB/2tihxqfdB0cug7/un:2sj73K0YHItkhRwkRKM/2tWxqfon
Malware Config
Extracted
cobaltstrike
426352781
http://UPDATE.OSDEVICEUPDATESERVICES.COM:53/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
256
-
dns_idle
1.908702538e+09
-
host
UPDATE.OSDEVICEUPDATESERVICES.COM,/jquery-3.3.1.min.js
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
45000
-
port_number
53
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQUTNVwBqPVx15rtX38o7pOpriBWIlw+kXxvOCma25M4w0forsyzXeQalgP8UsXDnp7SGMb8jydHjKW7EF5ok+x/As+kPE+GPVnGKUFbJX/D+F5Zpz6hU8pnnjaWRqow0zXTdwFKG0cciafrBcsyvxAVd5rRmuDUZFLjWg5dm42QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
watermark
426352781
Targets
-
-
Target
Word.exe
-
Size
2.9MB
-
MD5
7bfa6fe3b744655e93fb0cb1a409e730
-
SHA1
149a1159a7df525f9caceaa7104a99e61ed1d5af
-
SHA256
50e48f2706dc9c9ce2ac09c4e4c30440f7fff2f6b46bf3346e15aba8959d019c
-
SHA512
74f0f024b4485c061a25ffc3db375d562a9d6e1457869c9d0ed5d5ffb06bed4c598c4bdb17a150c0352a986a3cf2fae26f9bf47b4a826ecb8e521c0ad453953c
-
SSDEEP
49152:Lv5AYQJeZCDsyWb4X/HUviYeLHs0N3dlnJlL5X:V7h0Da8XjZt
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-