General
-
Target
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13
-
Size
576KB
-
Sample
240331-l2cp9shh51
-
MD5
7bde3d9b63f3eab76fc05cdb457a323c
-
SHA1
5b29c934c3ad63492abf65081a27b4ee6cbd9cc8
-
SHA256
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13
-
SHA512
f59b7b2269fe9e0a8f9a402e90180c1322b804e1a8f8261fadb19a694586de4dc7d96bb8450df058a5f192b8e779e831b0469d29654d7f1d00fa1f49e4acf422
-
SSDEEP
12288:aGrVfNOldtcj5HPK+wk3Ta77Hp0fWAUmBYmGN8/vYFLTqoMK:aKAldtGHB/vYFLTqoMK
Static task
static1
Behavioral task
behavioral1
Sample
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
http://yhycslsgmscb.uk:8443/api/fk2
-
user_agent
Host: yhycslsgmscb.uk User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.9999.0 Safari/537.36
Extracted
cobaltstrike
100000000
http://yhycslsgmscb.uk:8443/api/fk3
-
access_type
512
-
beacon_type
2048
-
host
yhycslsgmscb.uk,/api/fk3
-
http_header1
AAAAEAAAABVIb3N0OiB5aHljc2xzZ21zY2IudWsAAAAHAAAAAAAAAAMAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABVIb3N0OiB5aHljc2xzZ21zY2IudWsAAAAHAAAAAAAAAAMAAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
5000
-
port_number
8443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCE3WXRU0tYMbSz1g8ZCEoFokEem3mkPXa1ILr9R5bH0omxzPMOz9Pli3Zg6rIMDY2QqkFG7dnucWjmuMyUUekuwSIZD0+tjNEsiWBgbz1qO7TLLjFTnOXipJQOiiW9WwdbmuMrN9rUkZES565oIlZ9+Xo8ox/OsxVpFzITyV2nzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/fk4
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.9999.0 Safari/537.36
-
watermark
100000000
Targets
-
-
Target
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13
-
Size
576KB
-
MD5
7bde3d9b63f3eab76fc05cdb457a323c
-
SHA1
5b29c934c3ad63492abf65081a27b4ee6cbd9cc8
-
SHA256
8e8df2006c2b688b95716fdba9a91d07c421997d0e9d35f4a3ba2ea07057da13
-
SHA512
f59b7b2269fe9e0a8f9a402e90180c1322b804e1a8f8261fadb19a694586de4dc7d96bb8450df058a5f192b8e779e831b0469d29654d7f1d00fa1f49e4acf422
-
SSDEEP
12288:aGrVfNOldtcj5HPK+wk3Ta77Hp0fWAUmBYmGN8/vYFLTqoMK:aKAldtGHB/vYFLTqoMK
Score 10/10