General

  • Target

    loader_obf.bat

  • Size

    3.6MB

  • Sample

    240223-l9p1kaef3t

  • MD5

    6531b28786be30434acd8a1f96529f4e

  • SHA1

    fde3b17e4f2be4a42f5a1eaf1dbcd7024b50b171

  • SHA256

    30ca15e0c27b369f12598b23f6e56ab3326ab02f124470bc455c3f85a91a23d1

  • SHA512

    97b7b9c302d39b38ec933b780701499716dacf0428c1763e2b90067877d063666b71253c4f74f1e776b15054a1af35cbfdfd98c23536b3b5e797f67d0d998ffa

  • SSDEEP

    6144:7194tl15KgM8/kaMfORd2PKXFasv/Spat2H0P3kL3d2yUY2E:S+gM84O8uawxt3ke8

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://raw.githubusercontent.com/partymonster2/Batch-Scripts/main/explorer.bat

Extracted

  • Family

    cobaltstrike

  • C2

    http://192.168.158.132:443/SmYD

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)

Targets

    • Target

      loader_obf.bat

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks