General
-
Target
15da3c613a6e4689289da847ba375fc3a973fc670bb059cccd91c25ecf9ef38e
-
Size
936KB
-
Sample
240417-gfewaagf7w
-
MD5
812695dfffcf4915972dd5b7ae65c9cf
-
SHA1
3d7927dc34b06abba467cce1f86773c2c2b62fce
-
SHA256
15da3c613a6e4689289da847ba375fc3a973fc670bb059cccd91c25ecf9ef38e
-
SHA512
50ab3b73170a7b7f174046d1fa87dcb220f9a731fcfcfe3b8b32877664a9016b4401ed7edbbe7d0644f0b3a050a308d1acc6cefe983caf8e724f3d49bff99164
-
SSDEEP
12288:7NSnczNrREQz+aHcGwJ9/vlLk+4oeBoyyZN2A1Mkm/nJtMfQcoy/GzzddGZ:BI+n/XcjJ5vNSoeCZNrY2YwGty
Malware Config
Extracted
cobaltstrike
100000000
http://ns1.gsafc.co:53/help
http://ns2.gsafc.co:53/help
http://ns3.gsafc.co:53/help
-
access_type
512
-
beacon_type
256
-
dns_idle
1.920103026e+09
-
host
ns1.gsafc.co,/help,ns2.gsafc.co,/help,ns3.gsafc.co,/help
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
10000
-
port_number
53
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcDM451tcncv9V4lKHUclW0bT5Fispre6S3sEpNoKuaTUY9bHkNv+vW8s+CqSOx7IxvhqdgoG3bNMEYHtdelAxDMJVyvwRmOZK9RbqWhngvVSPbtYlWZmVTM1rEG9yDcF3ZCxdMvdSSobD/GOxQa7K3Z8Z0Zll2sVuVCi/lkB9aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
watermark
100000000
Targets
-
-
Target
15da3c613a6e4689289da847ba375fc3a973fc670bb059cccd91c25ecf9ef38e
-
Size
936KB
-
MD5
812695dfffcf4915972dd5b7ae65c9cf
-
SHA1
3d7927dc34b06abba467cce1f86773c2c2b62fce
-
SHA256
15da3c613a6e4689289da847ba375fc3a973fc670bb059cccd91c25ecf9ef38e
-
SHA512
50ab3b73170a7b7f174046d1fa87dcb220f9a731fcfcfe3b8b32877664a9016b4401ed7edbbe7d0644f0b3a050a308d1acc6cefe983caf8e724f3d49bff99164
-
SSDEEP
12288:7NSnczNrREQz+aHcGwJ9/vlLk+4oeBoyyZN2A1Mkm/nJtMfQcoy/GzzddGZ:BI+n/XcjJ5vNSoeCZNrY2YwGty
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-