General
-
Target
710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c
-
Size
2.9MB
-
Sample
240309-j5dqmaeb49
-
MD5
371013004448f8ebbac1f1716aa8fd92
-
SHA1
b316ac6f367fc411efdc309a6c027cad884110f5
-
SHA256
710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c
-
SHA512
3c71642d3be6981dba4893678719c2111c0ae8c3a6ef8e204b53478fd500ea525a3c19393d5c3601bc0f70b57a2575f33e1e79911eb856a511146052c77a2903
-
SSDEEP
49152:BGtlq24VwASOM4IU6iDRq2h8Ti6fHXryLjsoc9CjC4J8ugJU1mPt0D44t:EH+1q5NIj1J8NS1JD
Malware Config
Extracted
cobaltstrike
http://d2ss5ijh3h76v2.cloudfront.net:443/async/Newtab_promos
-
user_agent
Sec-Fetch-Site: none Sec-Fetch-Dest: empty Accept-Language: en-US,en;q=0.5 Host: d2ss5ijh3h76v2.cloudfront.net User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Extracted
cobaltstrike
426352781
http://d2ss5ijh3h76v2.cloudfront.net:443/access/
-
access_type
512
-
beacon_type
2048
-
host
d2ss5ijh3h76v2.cloudfront.net,/access/
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMnNzNWlqaDNoNzZ2Mi5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTk0MjI5MjA4OC43NDY0OTQ1MTk1LjIzOTUwMzQ5MTEuNTgwNzA3MzcwNy4yMzMzMzI0MjU3LjA7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD0yNTgyMjA1MzUxAAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQyc3M1aWpoM2g3NnYyLmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTE5MzA0NDUxNDYAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
900
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBMLynlrtLB5yeViLbEg+jTpowwBiXeAGsVgAirB0HdEgkew3+CTIfNgjczVRHvRPBFKFbWlOBm6oEwrohSWUKdvbkabxbKqqxYwCErVQ0/CCI/Q9co2NghfdzU0fKtjRWDo+lgYkQ8ZNf5AgNHoKatS2zorGp7T/fqCjgtivHbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.382016e+08
-
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/radio/xmlrpc/v35
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
-
watermark
426352781
Targets
-
-
Target
710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c
-
Size
2.9MB
-
MD5
371013004448f8ebbac1f1716aa8fd92
-
SHA1
b316ac6f367fc411efdc309a6c027cad884110f5
-
SHA256
710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c
-
SHA512
3c71642d3be6981dba4893678719c2111c0ae8c3a6ef8e204b53478fd500ea525a3c19393d5c3601bc0f70b57a2575f33e1e79911eb856a511146052c77a2903
-
SSDEEP
49152:BGtlq24VwASOM4IU6iDRq2h8Ti6fHXryLjsoc9CjC4J8ugJU1mPt0D44t:EH+1q5NIj1J8NS1JD
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-