General

  • Target

    50d67082c368cbd59090d2b1e81aebfb

  • Size

    12KB

  • MD5

    50d67082c368cbd59090d2b1e81aebfb

  • SHA1

    16df04c315e08d502d0e901363ad13440bea455a

  • SHA256

    00906f1cf709f6591880f952da59f41a3019944d23824e000592fe7de035c446

  • SHA512

    1bcbfd0e9bb1fcf12507f0cecd90609de446e891177ec0d86b7de41774e4cb8c004c92bea3593ba0df5ebc8ec66239736801dc05a59de7202fa1e53c2ee1d159

  • SSDEEP

    192:o9PQFnTaojOmiVmN0TIvF7jF66bPcBzNynTB46T1Bs59LC7kkvVjg/Pop8l1T6:mYtbp6EVVb5tVjgHe2

Malware Config

Extracted

  • Family

    cobaltstrike

  • C2

    http://45.9.148.138:443/damage/whois/7XHX3OLQ7

  • Attributes

    • user_agent

      Accept: application/xhtml+xml, text/html, application/json Accept-Language: el Accept-Encoding: gzip, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134

Extracted

  • Family

    metasploit

  • Version

    windows/download_exec

  • C2

    http://45.9.148.138:443/Upload/init/SE1XC8RPO0

Signatures

  • Cobaltstrike family
  • Metasploit family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 50d67082c368cbd59090d2b1e81aebfb
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections