General
-
Target
05e991f353268f5e7e9c39130efd36cf2e54fca4ca503098531175b1957bbbc0
-
Size
4.0MB
-
Sample
240530-mkb8vafc29
-
MD5
8024249bd8823870e6e73db6f6c38482
-
SHA1
ca01f34aecca3449d752a1be84cf8132e911a52e
-
SHA256
05e991f353268f5e7e9c39130efd36cf2e54fca4ca503098531175b1957bbbc0
-
SHA512
1af28013a8697bf65f752982bab031ac7aab3f79132ac6142b8081ea21caf1205efe0979ac2f53ca0075005b12b327edf364eec3d7d8d13bc3d26548d0bfc4f9
-
SSDEEP
24576:O0c7zNWEW72pH+yDXjsjCNXSTezByzwSwHYgFf1YuC1Q:O/NTW72tdqChS6I8rYgFfquC1
Malware Config
Extracted
cobaltstrike
100000
http://311980.xyz:8443/bing/chen
-
access_type
512
-
beacon_type
2048
-
host
311980.xyz,/bing/chen
-
http_header1
AAAAEAAAABBIb3N0OiAzMTE5ODAueHl6AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAqQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi8qOyBjaGFyc2V0PXV0Zi04AAAACgAAABNSZWZlcmVyOiAzMTE5ODAueHl6AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABBIb3N0OiAzMTE5ODAueHl6AAAACgAAACpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uLyo7IGNoYXJzZXQ9dXRmLTgAAAAKAAAAG1JlZmVyZXI6IGh0dHBzOi8vMzExOTgwLnh5egAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFGFwaXR5cGU9a2pSbVdnbGpyUVR2AAAACQAAABRvcmRlcnR5cGU9WG92ZkFyRWdBWQAAAAcAAAABAAAADQAAAAIAAAAqYWlkXz01MjIwMDU3MDUmYWNjdmVyPTEmc2hvd3R5cGU9ZW1iZWQmdWE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
16896
-
polling_time
1000
-
port_number
8443
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsq1neYcqlkmWzzct+s8KTz+d9AD2a3lqV2EYY2oF9fBIhF5veFLNaI3okxHyTt+MP6kVyLnNugZ0M5ZHX1r7dHzejH0IWxlRPDs/FfsGGOGW92bZKZsl2fXnO6RDAGoXfsIfomlDaegoyDC3BLtkvUFht/T2B7pom/vWgNvAcvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.18408576e+09
-
unknown2
AAAABAAAAAEAAAY/AAAAAgAABj8AAAACAAADIwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/rewardsapp/ncheader
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
-
watermark
100000
Targets
-
-
Target
05e991f353268f5e7e9c39130efd36cf2e54fca4ca503098531175b1957bbbc0
-
Size
4.0MB
-
MD5
8024249bd8823870e6e73db6f6c38482
-
SHA1
ca01f34aecca3449d752a1be84cf8132e911a52e
-
SHA256
05e991f353268f5e7e9c39130efd36cf2e54fca4ca503098531175b1957bbbc0
-
SHA512
1af28013a8697bf65f752982bab031ac7aab3f79132ac6142b8081ea21caf1205efe0979ac2f53ca0075005b12b327edf364eec3d7d8d13bc3d26548d0bfc4f9
-
SSDEEP
24576:O0c7zNWEW72pH+yDXjsjCNXSTezByzwSwHYgFf1YuC1Q:O/NTW72tdqChS6I8rYgFfquC1
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-