General
-
Target
2024-02-09_f5d8c1261927b1e71adb1b80ddbeef86_ryuk
-
Size
3.0MB
-
Sample
240209-a9l35afb59
-
MD5
f5d8c1261927b1e71adb1b80ddbeef86
-
SHA1
bd2dbebd088cf4625820eeaf4814561c4819bbae
-
SHA256
d6f693f050215366dfec2b6355ddbf171899c0bb7dac5ecd825e056520b67812
-
SHA512
dee2dc683447522b99f7ffd318d63c9e240997e589838796802c0bb6e7a866d86c4a21663bae3431e41234be63880a0f445611250839ca9a310274819e6385b2
-
SSDEEP
24576:eqNliALsl/5Ukprh+Sdcy9F36Uangq3ADSLNh1mffoMi6CSAJeQ7eUaByUOBBXDt:5NTLgyJzSngk+nSK5rW1Y
Malware Config
Extracted
cobaltstrike
http://cdn.ecosafeus.com:443/components/layer-2.png
-
user_agent
Host: cdn.ecosafeus.com Connection: close Accept-Encoding: br Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
Extracted
cobaltstrike
674054486
http://ecosafeus.com:443/network-security.css
-
access_type
512
-
beacon_type
2048
-
host
ecosafeus.com,/network-security.css
-
http_header1
AAAAEAAAABdIb3N0OiBjZG4uZWNvc2FmZXVzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAD0FjY2VwdDogaW1hZ2UvKgAAAAcAAAAAAAAAAwAAAAMAAAACAAAACnV0YWdfbWFpbj0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBjZG4uZWNvc2FmZXVzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZGUtZGUAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAAIAAAAAwAAAAIAAAAJZmFtaWx5aWQ9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
63491
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBWbUQkisJDPBZCYVqzyFq1ZrSXYeCig7svJktYdovedV++vnue2+pz4T4GnM6irCTbW6lZugXT1NUB0GKDlJZAg85zwpEZJnQxkJdv2N1pdIZscfSDz7T0wKCllyQ9GYaB5oLiKc4huaZffXiiy/CeUeQUDenINwrZ/qjny2IdwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.186343424e+09
-
unknown2
AAAABAAAAAIAAAuaAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/reference
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
-
watermark
674054486
Targets
-
-
Target
2024-02-09_f5d8c1261927b1e71adb1b80ddbeef86_ryuk
-
Size
3.0MB
-
MD5
f5d8c1261927b1e71adb1b80ddbeef86
-
SHA1
bd2dbebd088cf4625820eeaf4814561c4819bbae
-
SHA256
d6f693f050215366dfec2b6355ddbf171899c0bb7dac5ecd825e056520b67812
-
SHA512
dee2dc683447522b99f7ffd318d63c9e240997e589838796802c0bb6e7a866d86c4a21663bae3431e41234be63880a0f445611250839ca9a310274819e6385b2
-
SSDEEP
24576:eqNliALsl/5Ukprh+Sdcy9F36Uangq3ADSLNh1mffoMi6CSAJeQ7eUaByUOBBXDt:5NTLgyJzSngk+nSK5rW1Y
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-