General

  • Target

    Cobraloader.rar

  • Size

    6.7MB

  • Sample

    240603-h9l25aga4t

  • MD5

    b539a1d5156ada8f1f6e5ad9930dfe35

  • SHA1

    2357fe7a43b3ae44b21e25a232556c75cf48ce89

  • SHA256

    8fd324094cf16794400d4f2c6d2493d5a1e825a23a16599d2c52822ba9b4d216

  • SHA512

    a35ebebf6581e9745f4489a3a952373a061ae21a2cb5bfda631774ab8e248d98ffb8d0aad78c34547ce7db59083f2f562d35a43bf6d068146e7f0edce2c124d2

  • SSDEEP

    196608:I/uCXrY/I2U6UCvrhJwy1/XT4m7XWz4D8fUkJfW6UHkg:YXrkI2DbzXj4m7XWzjJlPg

Malware Config

Targets

    • Target

      Cobra loader.exe

    • Size

      6.8MB

    • MD5

      755c615f6146334ad2f4365858b9a1c0

    • SHA1

      011c0bb1f77a452ca7cad673f3862cbe8b175ed1

    • SHA256

      f6bd680fd3270eabcca386bfd665210a889c02f7a0d063316bad5abb383f98aa

    • SHA512

      d8c3d1fda373d4905b7e2b1bdb909f070fdf925c5fab206d32660854378ff3832336f140ded5d16093b832dcce66c73aa7f19ad290b6fb693f09144dfb5937b7

    • SSDEEP

      196608:7r8sV1vFB6ylnlPzf+JiJCsmFMvNn6hVvTi:PFBRlnlPSa7mmvN+ri

    • Command and Scripting Interpreter: PowerShell

Runs a command through powershell.exe.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks