General
Target: 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
Size: 1.5MB
Sample: 240419-g1h4faag22
MD5: be5177349f86953d5d81066a51cd943a
SHA1: 0aa8fb7cd6bce0fcccdf1c0cfaaa84f3a4172358
SHA256: 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
SHA512: 8b59971286b711cc276e07d6ae60ba9ee318c1c3b4394f674fae64ea561957d32413177baa6d2ef35d19f5a575708eee3d882cdab97c659a00412297e024566d
SSDEEP: 24576:CVAtAQfLY08PFDyKfPVXL5u+gyQQ/hffpLAeMcUg9sB26wn6fbQhPZ:C4dkV54UAkZ
Static task: static1
Behavioral task: behavioral1
  Sample: 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: cobaltstrike
  http://69.235.177.76:17777/jquery-3.3.2.slim.min.js
  user_agent: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
Target: 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
Size: 1.5MB
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE