General
-
Target
2024-04-15_35aec60c2249ab23755560b8d5dac110_ryuk
-
Size
91KB
-
Sample
240415-lk1qrsbb97
-
MD5
35aec60c2249ab23755560b8d5dac110
-
SHA1
10202cad9808cedceb7678f5ae61d2fd3c62fdd0
-
SHA256
663aa7d7b7fe085b032b8d69be2eeae80a0a03dbc9f963028ba02c8f7de3ffdf
-
SHA512
5223ffc3e471db91fd39d8158b691fd514f247e48ca02aa60910d4616df4dda87790f24d69bf33fe4dce198d5b5e35df426316df1f9c5efae756578f47ef886b
-
SSDEEP
1536:0uRFSPMJQAS2K7+gZfkEgaIwgKG1sWVdc9dlDXnGa9VhR68rgv:0uzSPwq7BFkErHRGHUl3t9VhRZ
Malware Config
Extracted
cobaltstrike
http://38.55.23.144:4430/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
-
-
Target
2024-04-15_35aec60c2249ab23755560b8d5dac110_ryuk
-
Size
91KB
-
MD5
35aec60c2249ab23755560b8d5dac110
-
SHA1
10202cad9808cedceb7678f5ae61d2fd3c62fdd0
-
SHA256
663aa7d7b7fe085b032b8d69be2eeae80a0a03dbc9f963028ba02c8f7de3ffdf
-
SHA512
5223ffc3e471db91fd39d8158b691fd514f247e48ca02aa60910d4616df4dda87790f24d69bf33fe4dce198d5b5e35df426316df1f9c5efae756578f47ef886b
-
SSDEEP
1536:0uRFSPMJQAS2K7+gZfkEgaIwgKG1sWVdc9dlDXnGa9VhR68rgv:0uzSPwq7BFkErHRGHUl3t9VhRZ
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-