General
-
Target
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89
-
Size
836KB
-
Sample
240410-sfk8vafc8x
-
MD5
5c6560495cf7ea6af964daf9e54c8b58
-
SHA1
652fd800f88a11a8147aa003a24fa5c887ce9aac
-
SHA256
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89
-
SHA512
b8db0ace5a294d941119114a72996a2f0c95ace9e9329a03043ae95b2beb062e68d1d3a2e6c405561ca6d742822cabc5a09d951b8ad8b5121ffb6ce230cf511f
-
SSDEEP
24576:UkCGEbdfwu0CrkjP8yZZDdYYSOQ0TxW10mG7RD4sVAH:jCGEb+4Q8+LS4g47RD4sVAH
Static task
static1
Behavioral task
behavioral1
Sample
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1580103824
http://185.225.73.238:443/doFor/v6.29/N0UYA064Z4
-
access_type
512
-
beacon_type
2048
-
host
185.225.73.238,/doFor/v6.29/N0UYA064Z4
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
12032
-
polling_time
75655
-
port_number
443
-
sc_process32
%windir%\syswow64\dns-sd.exe
-
sc_process64
%windir%\sysnative\getmac.exe /V
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDjafSAG/t5AV7MoJ0+yfqNVP8VKHTcWG23Xwqeq+bC34ftgavpOGxc90RaJYkBZQfMrMG2vVGWBcJjYS9OpN0RgqnTKV7X386f0joSLS9E/wKAP7GwQKUwjE7xZVlzelWDQBRq7/OaBXAF405hSi4eRWAuEIZeAWk8/irwifE5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.0444672e+08
-
unknown2
AAAABAAAAAEAAAOOAAAAAgAAA44AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Fabricate/reminder/NA2SEVLFJWX0
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:58.0) Gecko/20100101 Firefox/58.0
-
watermark
1580103824
Targets
-
-
Target
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89
-
Size
836KB
-
MD5
5c6560495cf7ea6af964daf9e54c8b58
-
SHA1
652fd800f88a11a8147aa003a24fa5c887ce9aac
-
SHA256
fa53323173c272fee9626adffdb7d4336b299316b5dd9115fdb8674b94384d89
-
SHA512
b8db0ace5a294d941119114a72996a2f0c95ace9e9329a03043ae95b2beb062e68d1d3a2e6c405561ca6d742822cabc5a09d951b8ad8b5121ffb6ce230cf511f
-
SSDEEP
24576:UkCGEbdfwu0CrkjP8yZZDdYYSOQ0TxW10mG7RD4sVAH:jCGEb+4Q8+LS4g47RD4sVAH
Score 10/10
-
Blocklisted process makes network request
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-