General
-
Target
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8
-
Size
19KB
-
Sample
240421-mg1r2ahc3w
-
MD5
7f6219613eda811eada544ac6caa6c16
-
SHA1
a04973420c8cb78746caa68bd7d85128d40690f4
-
SHA256
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8
-
SHA512
a693a694baeff6a2ae9180a5086e906deabea57b79ea90ffb44f2bd94d05c9a7ec740a0322cfd2f3aa75f17ee1b511904fd9d71f9241442ec82ca49c673407cf
-
SSDEEP
192:5V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2cmA9mhmWF8qa1Dojjgi:bqaCF31cix+Dc4zjpmxFF46gi
Static task
static1
Behavioral task
behavioral1
Sample
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
http://107.175.158.78:80/qQb9
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
Extracted
cobaltstrike
987654321
http://107.175.158.78:80/MicrosoftUpdate/ShellEx/KB242742/default.aspx
-
access_type
512
-
host
107.175.158.78,/MicrosoftUpdate/ShellEx/KB242742/default.aspx
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
500
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCj46Hh/xPdl6SVS/rb1DluSClic5D/zPS/2+I9/ABTMm+y4b9H5oDOOKI+i7iDCqkKDabQ0eZr6zAZUiwbXRPpNf/aIjYgAI90AY1cJNOXNkkeBioJSrIxzzfGZorz+nXN9ENaWL8uR4eh6mbrJPKhl3VHT8y68KBkC5f5y9FTfQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/MicrosoftUpdate/GetUpdate/KB
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)
-
watermark
987654321
Targets
-
-
Target
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8
-
Size
19KB
-
MD5
7f6219613eda811eada544ac6caa6c16
-
SHA1
a04973420c8cb78746caa68bd7d85128d40690f4
-
SHA256
52850a2d3d4c87d62f348b4df59a6c25b62e3c8fd5fc5035909dc73802b03bf8
-
SHA512
a693a694baeff6a2ae9180a5086e906deabea57b79ea90ffb44f2bd94d05c9a7ec740a0322cfd2f3aa75f17ee1b511904fd9d71f9241442ec82ca49c673407cf
-
SSDEEP
192:5V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2cmA9mhmWF8qa1Dojjgi:bqaCF31cix+Dc4zjpmxFF46gi
Score 10/10