General

  • Target

    a31d1c3da2549c447d14c91bd4fcb39fa8d830f541006b6942bc567a6acad20f

  • Size

    1.6MB

  • Sample

    240530-rwtz9acg84

  • MD5

    2be87c63e6f260f7edbde393af388b22

  • SHA1

    02ad1fa2192299aaae9b794d2a1c1aa98d03435b

  • SHA256

    a31d1c3da2549c447d14c91bd4fcb39fa8d830f541006b6942bc567a6acad20f

  • SHA512

    117f62939f35e3c0cbed10f5fdf3e6ab3518c4d22c362ea4fabbf4c7fcbfb56529671d288429bed4112241739d4d3800042ae6953e629aef0d8d86d3f6a781dd

  • SSDEEP

    24576:yCFdFAy+BiOFKt21XRqjXeg0MPtyj+Hp1ywCXpVk9jfV/hbtS6jJlwl:y7HNNfSDV/PS3

Malware Config

Extracted

  • Family

    cobaltstrike

  • C2

    http://192.168.159.137:8088/nTXC

  • Attributes

    user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)

Targets

    • Target

      a31d1c3da2549c447d14c91bd4fcb39fa8d830f541006b6942bc567a6acad20f

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks