General

  • Target: a66a72c7eded1e2d5832234dc11f4867
  • Size: 3.7MB
  • Sample: 240226-p9fcxaee9t
  • MD5: a66a72c7eded1e2d5832234dc11f4867
  • SHA1: 2b3523bcc1926cd6587d0bccb38fb8f2b1efeb36
  • SHA256: 708d5be920872b67d827af551d50d984bba99f20adab031c4650e95321cecbee
  • SHA512: 414ddd33e9713f723ca0b839969f6851ceaa163156bdb7af55e2b5ad9a6896ddbcf65d481871ca783412fac8c94a9e8cd64a2e0f4dc6bee79f3f6dcb5d5f9b15
  • SSDEEP: 98304:HwYsKQOzPxAN12R6Hj5tHndKfbiHzRyCMxSi6r:Qne5Av2R6H1tH2Uz8+9

Malware Config

Extracted

  • Family: cobaltstrike
  • C2: http://119.45.183.69:8989/Rpc

Attributes
  • user_agent

    Host: outlook.live.com Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks