General
-
Target
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
-
Size
315KB
-
Sample
240426-h56wqsbe3v
-
MD5
36eed47751bc04ee9fb82d3f0e836239
-
SHA1
e17fbeefbdca5b0a87393f031479e35cd38d8a68
-
SHA256
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
-
SHA512
b0a76342e605cfa95940cb41f61579a8bd2fb347521a6c10a34fc526546abbdc721ec499a8e9c422137eced2a9ad966c69e1ace7ba976e059e273838f8ce3066
-
SSDEEP
6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxm:DGHCnaomAEg3uPdkgOX+tZdxm
Static task
static1
Behavioral task
behavioral1
Sample
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
http://192.168.209.130:80/6Uco
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)
Targets
-
-
Target
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
-
Size
315KB
-
MD5
36eed47751bc04ee9fb82d3f0e836239
-
SHA1
e17fbeefbdca5b0a87393f031479e35cd38d8a68
-
SHA256
94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
-
SHA512
b0a76342e605cfa95940cb41f61579a8bd2fb347521a6c10a34fc526546abbdc721ec499a8e9c422137eced2a9ad966c69e1ace7ba976e059e273838f8ce3066
-
SSDEEP
6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxm:DGHCnaomAEg3uPdkgOX+tZdxm
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-