General
- Target: Cobraloader.rar
- Size: 6.7MB
- Sample: 240603-h9l25aga4t
- MD5: b539a1d5156ada8f1f6e5ad9930dfe35
- SHA1: 2357fe7a43b3ae44b21e25a232556c75cf48ce89
- SHA256: 8fd324094cf16794400d4f2c6d2493d5a1e825a23a16599d2c52822ba9b4d216
- SHA512: a35ebebf6581e9745f4489a3a952373a061ae21a2cb5bfda631774ab8e248d98ffb8d0aad78c34547ce7db59083f2f562d35a43bf6d068146e7f0edce2c124d2
- SSDEEP: 196608:I/uCXrY/I2U6UCvrhJwy1/XT4m7XWz4D8fUkJfW6UHkg:YXrkI2DbzXj4m7XWzjJlPg
Behavioral task: behavioral1
- Sample: Cobra loader.exe
- Resource: win7-20240419-en
Malware Config
Targets
- Target: Cobra loader.exe
- Size: 6.8MB
- MD5: 755c615f6146334ad2f4365858b9a1c0
- SHA1: 011c0bb1f77a452ca7cad673f3862cbe8b175ed1
- SHA256: f6bd680fd3270eabcca386bfd665210a889c02f7a0d063316bad5abb383f98aa
- SHA512: d8c3d1fda373d4905b7e2b1bdb909f070fdf925c5fab206d32660854378ff3832336f140ded5d16093b832dcce66c73aa7f19ad290b6fb693f09144dfb5937b7
- SSDEEP: 196608:7r8sV1vFB6ylnlPzf+JiJCsmFMvNn6hVvTi:PFBRlnlPSa7mmvN+ri
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.