General

  • Target

    8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe

  • Size

    2.5MB

  • Sample

    240519-b1mtqsbg74

  • MD5

    4543f278f2cf358e16e2284dc6ae4314

  • SHA1

    52ca6e6f1b73d7c3805c9812a4751a2d2333b690

  • SHA256

    8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3

  • SHA512

    76fad9c923936e351353160678ed5dedecb89012aa6890437d10c2abec5c8073033adeb40c0c921874b9887415c97e20a0a8a9ab2af20d07f1f6f681796ace5d

  • SSDEEP

    24576:TII3Pzsl1/E/GOzgGlLpU3Pp53aUWa/6cRSkIodSw9IjdJbzbUHJaCu1bIX9TrkZ:TX/zsn/E/GKgoQEi5CC

Malware Config

Extracted

Family

cobaltstrike

C2

http://39.107.242.125:666/lFZQ

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)

Targets

    • Target

      8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe

    • Size

      2.5MB

    • MD5

      4543f278f2cf358e16e2284dc6ae4314

    • SHA1

      52ca6e6f1b73d7c3805c9812a4751a2d2333b690

    • SHA256

      8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3

    • SHA512

      76fad9c923936e351353160678ed5dedecb89012aa6890437d10c2abec5c8073033adeb40c0c921874b9887415c97e20a0a8a9ab2af20d07f1f6f681796ace5d

    • SSDEEP

      24576:TII3Pzsl1/E/GOzgGlLpU3Pp53aUWa/6cRSkIodSw9IjdJbzbUHJaCu1bIX9TrkZ:TX/zsn/E/GKgoQEi5CC

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks