General

  • Target

    5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2

  • Size

    1.3MB

  • MD5

    ec5f7dabb132566a5fb6eea491954f56

  • SHA1

    127645770319649a56f5e82502226876e1f9db19

  • SHA256

    5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2

  • SHA512

    72e3432e9e857773b1160cd96e59e17e8596b501fcd6f657f6544548d13cb0d9d2cde954cd83fac85379af35ca7ae5c4600486d76d6b70ee578a98d123af3bfa

  • SSDEEP

    24576:V/AxGXeC21+NZIQWrt6AoVg7yB0VyOJ+fUTRVDqntU5Rsly:qieCbf+VjpRVD9Rs

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.137.3:80/frCB

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5b48c08f366aa5a387d9b9d5be7446ff065535f69c81526960c3125ebd111cd2
    .exe windows:6 windows x64 arch:x64

    4f2f006e2ecf7172ad368f8289dc96c1

