General
-
Target
wynik2.exe
-
Size
5.7MB
-
Sample
240209-pl8pjsba4z
-
MD5
04a6643b2b18c8f275b00633a76b2a18
-
SHA1
334ce01225156be515357e13331d89bb08a82d98
-
SHA256
6f3e93ae4a5eadbdac87f277884ebce03713b54c29cdae825cc6a05fcfb371c7
-
SHA512
482270fb35a91ba1cc8a9ad011ae95828bca3412d6ed07b70db61f5ba6fb26d328fe5783dc682440d89739dff699f0275045296b4a64c5b127dc09048a9420b8
-
SSDEEP
49152:Vg182Umocfnw8ZRIILh0bopwsaCdzRQJ4N4PDC6:VQRC+B47C
Malware Config
Extracted
cobaltstrike
http://cdn.ecosafeus.com:443/components/layer-2.png
-
user_agent
Host: cdn.ecosafeus.com Connection: close Accept-Encoding: br Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
Extracted
cobaltstrike
674054486
http://ecosafeus.com:443/network-security.css
-
access_type
512
-
beacon_type
2048
-
host
ecosafeus.com,/network-security.css
-
http_header1
AAAAEAAAABdIb3N0OiBjZG4uZWNvc2FmZXVzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAD0FjY2VwdDogaW1hZ2UvKgAAAAcAAAAAAAAAAwAAAAMAAAACAAAACnV0YWdfbWFpbj0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBjZG4uZWNvc2FmZXVzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZGUtZGUAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAAIAAAAAwAAAAIAAAAJZmFtaWx5aWQ9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
63491
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBWbUQkisJDPBZCYVqzyFq1ZrSXYeCig7svJktYdovedV++vnue2+pz4T4GnM6irCTbW6lZugXT1NUB0GKDlJZAg85zwpEZJnQxkJdv2N1pdIZscfSDz7T0wKCllyQ9GYaB5oLiKc4huaZffXiiy/CeUeQUDenINwrZ/qjny2IdwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.186343424e+09
-
unknown2
AAAABAAAAAIAAAuaAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/reference
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
-
watermark
674054486
Targets
-
-
Target
wynik2.exe
-
Size
5.7MB
-
MD5
04a6643b2b18c8f275b00633a76b2a18
-
SHA1
334ce01225156be515357e13331d89bb08a82d98
-
SHA256
6f3e93ae4a5eadbdac87f277884ebce03713b54c29cdae825cc6a05fcfb371c7
-
SHA512
482270fb35a91ba1cc8a9ad011ae95828bca3412d6ed07b70db61f5ba6fb26d328fe5783dc682440d89739dff699f0275045296b4a64c5b127dc09048a9420b8
-
SSDEEP
49152:Vg182Umocfnw8ZRIILh0bopwsaCdzRQJ4N4PDC6:VQRC+B47C
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Blocklisted process makes network request
-