General
-
Target
340767f84451baa1315e4a2ec9899a8257d036b97a3696359e44b125be6ca16e
-
Size
1.4MB
-
Sample
231224-lttntaeab3
-
MD5
2cf8e37c590de87200a8fc42029fe50f
-
SHA1
5168ad39f2021a8e7f527d598308f7a2f8f208fb
-
SHA256
340767f84451baa1315e4a2ec9899a8257d036b97a3696359e44b125be6ca16e
-
SHA512
3c51b463194ac38356815d92ce8241ead3e38b2d2993e460888be0bd0168151ffd5a1f61232b7ae3142abd9c1c553369bf1efa492a6377daf70cd7352351f3c8
-
SSDEEP
24576:DacYC5EdvtTge1V6wh3AsnM5cQSBP9AJ1dUogWPoBMo1ipxdDQhmlNEIqSHxIMcR:DaBC5Ezge1gq3VM5clMdzgWwBMoEpj7Q
Malware Config
Extracted
cobaltstrike
426352781
http://UPDATE.OSDEVICEUPDATESERVICES.COM:53/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
256
-
dns_idle
1.908702538e+09
-
host
UPDATE.OSDEVICEUPDATESERVICES.COM,/jquery-3.3.1.min.js
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
45000
-
port_number
53
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQUTNVwBqPVx15rtX38o7pOpriBWIlw+kXxvOCma25M4w0forsyzXeQalgP8UsXDnp7SGMb8jydHjKW7EF5ok+x/As+kPE+GPVnGKUFbJX/D+F5Zpz6hU8pnnjaWRqow0zXTdwFKG0cciafrBcsyvxAVd5rRmuDUZFLjWg5dm42QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
watermark
426352781
Targets
-
-
Target
update.exe
-
Size
2.9MB
-
MD5
bbb5279047e1756a9e6d90a3f601c693
-
SHA1
e49888361c9e7d808aaa55234df817d109e9c24b
-
SHA256
511d15c567eb862c9f6bb5ccad1ff19dee76999ceb3adee8c3b5a917d84360e3
-
SHA512
5622875d43c31de6a4ae3b4a2ed786b26866d6df2987c858964f79cbc557472b9d01969df4e8b08a4a71c96858f3288bffc02e42fed246c9ad63f550ac94badb
-
SSDEEP
49152:UY1+PcvD8154tGEwpLH875F7i8iArXhQOoP3jS5GlRdL5b:vAqUOEEwx
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-