General

  • Target

    shellcode_run.zip

  • Size

    57KB

  • Sample

    240306-krrwrsgf43

  • MD5

    5bd1e2b06d92f5865975e956b8ba4aee

  • SHA1

    f42acac54be18e0dce62cb176c9f08d2f70185c4

  • SHA256

    ba5160de0505ffb46c083d98d0aa6eafbefd0c0be6f2c4b4cd632b29e8f2641f

  • SHA512

    ad5fd3f121d02a628e8038af865880b13bb6691e17610a78b45e9a4a4c5454c6141f6b9bb1c75fa60ff9d28924baa5831a6767a3b0df75995a0c854b5330f46e

  • SSDEEP

    1536:5WeP0Iwqwt6R7XryrbtuvW9galZVbzQ1i:5WWTy6ROPt/97lDbzoi

Malware Config

Extracted

Family

cobaltstrike

C2

http://ngp01cyi.slt.sched.intlscdn.com:443/7qsB

Attributes

  • user_agent

    Host: software-express.cloud User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Targets

    • Target

      shellcode_run.exe

    • Size

      109KB

    • MD5

      0d51495f9e53191e87f522b2d4513219

    • SHA1

      16a6a908e3d5a73a408598a472bb4e463a8fb81b

    • SHA256

      9edab317a7600c0f84fe1838bab3d947b6b90481f6d05c2cbbc83a2866130ddb

    • SHA512

      41090d0b526f5d46150540724b7d4aaca6c40e32094d46e5b054cc890786ea9d871e6356093b1499dec267d73865d8656b1cb140c15de91c026f47f2c40f44ce

    • SSDEEP

      3072:WwpksUjRpiMrP7F7JYc/agR/D5v5/c2I4P:BksUlpD7F7JvS8FlP

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Malpedia

      malpedia CS. Describes win.cobalt_strike.

MITRE ATT&CK Enterprise v15

Tasks