General

  • Target

    95e9ddc632a57ae7d30e61a926bb2ef1bc8956991ee468e414a95c818f855b94

  • Size

    1.6MB

  • Sample

    240528-sa5qashf3v

  • MD5

    c737b85640c0d4d8a5bba1c90b3dde99

  • SHA1

    9a1ef4285fadadfccf10315782c0790d6cbcec4d

  • SHA256

    95e9ddc632a57ae7d30e61a926bb2ef1bc8956991ee468e414a95c818f855b94

  • SHA512

    1c45892cb4c10ac05cf1714d31960a34fe158b817ab18c174e2bf91c69730ce4e3ede8d7786904c8169e0e400b927a7899659961236ca0e210bed09f7f58f71b

  • SSDEEP

    24576:mmXj/JP+Bi9SuFcnQMGEcy5sMPcJQy/pXPwomHKaEYmaE3w/DtZ6YrlwW:mM47HqaEYRE3EZB

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.159.137:8088/nTXC

Attributes

  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)

Targets

    • Target

      95e9ddc632a57ae7d30e61a926bb2ef1bc8956991ee468e414a95c818f855b94

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks