General

  • Target

    2024-05-04_6f7b2823216388bb8ebc4f0a62deedd5_cobalt-strike_ryuk

  • Size

    2.0MB

  • MD5

    6f7b2823216388bb8ebc4f0a62deedd5

  • SHA1

    875606a0a1437a588d654a23c5812400bfafc785

  • SHA256

    f2a1da432826eeaf1546554a5dea259f791685613d603a4f7292c9e3328e2d31

  • SHA512

    7d06a5a12e9936a00f99c8a2487019274ab4abda5cdb5ded4b88872ad588ad4f6ab44cdc4ee91a09bf9dadd84fad3440ee3786ef4dce1499f3a1e474976c67ed

  • SSDEEP

    24576:BrvFNTdiqdshladSvbrGRMLzfmag3S448N+bIOV:FvvJiMsDadSveKLjmaYIl

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://101.43.109.204:6666/8Rij

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Signatures

  • Cobaltstrike family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-05-04_6f7b2823216388bb8ebc4f0a62deedd5_cobalt-strike_ryuk
    Type: .exe, Tags: windows:6 windows x64 arch:x64

    92a789baf24324c59ce8ba5c15cbf7c8
