General

  • Target

    a45ac8d19671a001f75dad85309ff4e9

  • Size

    8KB

  • Sample

    240225-vwwevshg4z

  • MD5

    a45ac8d19671a001f75dad85309ff4e9

  • SHA1

    349f4a9ce3bc88f116e62f05ad8e6a69507cf444

  • SHA256

    35f37dc4f0f7732d2ada81aa26c37729ecfc6e772b57ed0bd984c8724274940c

  • SHA512

    3cb8a6c3b0ff06c4b2e4329ae435c023fc0aff78c143bf211c1729c480a85aca6f9ca5535d6149bda76638b0ea369816cc54c5c6dcdba6419a82d4fde9a2a335

  • SSDEEP

    96:76XilcZ8w1lLBFF4KVgVClcAJU5D5dH7sUS47vPLaY6P0k3NJE0mz1lNa+zNt:8CcuKLPGS6InULdbA47v+Y6PvRO1lkY

Malware Config

Extracted

Family

cobaltstrike

C2

http://test.googleapi.space:80/tIKU

Attributes

  • user_agent

    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: test.googleapi.space

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks