General

  • Target

    a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc

  • Size

    1.3MB

  • MD5

    6d1b0b245568be91bfc80b292875c8f8

  • SHA1

    ab25901a6eb93dbe2b8b1ceee826fcd5b188d4ca

  • SHA256

    a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc

  • SHA512

    01f7969eb09af0e632ccf3b99aa68a6fc1a49f44f2b1f1cf5753458d91282d212d21b9d2aeede1af8935184b67aecb4eebe64e50914825c9d4997d844b02c520

  • SSDEEP

    24576:0/AxGXeC21+NZIQWyt6AoVg7yB0tYftEPcTRVDqnoGRsly:3ieCbfxtKnRVDZGRs

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.137.3:80/frCB

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc
    .exe windows:6 windows x64 arch:x64

    4f2f006e2ecf7172ad368f8289dc96c1

