General
-
Target
c2191d815d4fb2d9785ba67ce149af0f6749574bf8b4f7b3ab4881fbfdcf1afe
-
Size
1.7MB
-
Sample
240216-zbwx4sfd5z
-
MD5
7eac5c9b670add017f1552ba1ec0c343
-
SHA1
89a0b118634225ce5b592824fadbfdec4274861e
-
SHA256
c2191d815d4fb2d9785ba67ce149af0f6749574bf8b4f7b3ab4881fbfdcf1afe
-
SHA512
05d690d1e2f042628c37d02673328529c1c8de4fda23c18feab6b04af8255f48dbef1850fbbd39f246065a6cd9dc2600c907fe3dd94f2b019609a1f377aef257
-
SSDEEP
24576:tr5PPP8LX4I6KLIJyBBAZfsSDM4dFJ9m39UeX5IPD49Zpw2csrQtiQtA:tBPELXbIcG0SDt7J9oUeX5IE992b
Malware Config
Extracted
cobaltstrike
12345
http://gabecreatenew.com:443/professional.js
-
access_type
512
-
beacon_type
2048
-
host
gabecreatenew.com,/professional.js
-
http_header1
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAA0AAAADAAAAAgAAAAZfdXRtYT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADQAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
20224
-
polling_time
63
-
port_number
443
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJcGrzJo1VQ2KXXyMfdOtKz4YtWRgIAF8cYYcrE88ucq8ZV4AeE8dyDFekma+XMJDZ2MjIz5UiMlII5k3Q4UTy1YQpgebmFfnKxi7iSv7NTYt8Fmihw/5On7yAgalsgrZJYDB+frCY5Um8zPjqvRZpU3nuKGZYQSZ0y88E+AeR4QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.44480256e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/standardized
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 GROW-2135 Safari/537.36 OPR/76.0.4017.222
-
watermark
12345
Targets
-
-
Target
c2191d815d4fb2d9785ba67ce149af0f6749574bf8b4f7b3ab4881fbfdcf1afe
-
Size
1.7MB
-
MD5
7eac5c9b670add017f1552ba1ec0c343
-
SHA1
89a0b118634225ce5b592824fadbfdec4274861e
-
SHA256
c2191d815d4fb2d9785ba67ce149af0f6749574bf8b4f7b3ab4881fbfdcf1afe
-
SHA512
05d690d1e2f042628c37d02673328529c1c8de4fda23c18feab6b04af8255f48dbef1850fbbd39f246065a6cd9dc2600c907fe3dd94f2b019609a1f377aef257
-
SSDEEP
24576:tr5PPP8LX4I6KLIJyBBAZfsSDM4dFJ9m39UeX5IPD49Zpw2csrQtiQtA:tBPELXbIcG0SDt7J9oUeX5IE992b
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-