General

  • Target

    95aaade34593c916bc5bd69742e3d5175da0ce2c1f5e40fb3369e94fa8320f73

  • Size

    1.4MB

  • Sample

    240530-rt7tbsbf4x

  • MD5

    ab65b6249a99304781c9fb4b21a9870e

  • SHA1

    d1afadcc09c5e20ee4b4b1e4662827536f9c8c9a

  • SHA256

    95aaade34593c916bc5bd69742e3d5175da0ce2c1f5e40fb3369e94fa8320f73

  • SHA512

    2721210b427f0bdf583daddccdf44aa39494a710e47fee872a5af63d7864acd3fb1dc76b239c499bb0b8a28a375fb8be34a878034f9e20caaa4371fa02af97d2

  • SSDEEP

    24576:uEN3WasoCuK/0thNpT0IFk8j7jUZCGX/QLYgyFoNslvb1:uE4o5CahNpT0x8/yC6+YgyeNGvb1

Malware Config

Extracted

Family

cobaltstrike

C2

http://8.130.123.131:11001/_/rp/FTmJMkisSOAwXdvbYo-M3c6924I.br.js

Attributes

  • user_agent

    Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 4.0; Trident/4.0)

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15