General

  • Target

    1c8920973cfa14fafcc7d97a3cb5a43d8e713a0f50faa2738be7c61af21a4832

  • Size

    298KB

  • Sample

    240622-xwajhavcrk

  • MD5

    0c03803dd1100fbbc6b4f7ddc0cf784a

  • SHA1

    1460e3e05cfb7cfed696c09911906d329e8c1a8e

  • SHA256

    1c8920973cfa14fafcc7d97a3cb5a43d8e713a0f50faa2738be7c61af21a4832

  • SHA512

    f62de12651fcd0fc903fc29cd870db59a17be73f3aa20b3e4d0379242214e31d410aec1082e9c68506808f032b74c99be615c503460bdcfec2e03ebd2c82e5e6

  • SSDEEP

    6144:+dRVzSkGTxSLD8uq5CaOPs47bhqUde8JfsAdfk4iX0+mB37lp:+hqxSLo5C1Ps4XhA8JHd87eB7D

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.107.23.145:80/7jRj

Attributes

  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

Targets

    • Target

      1c8920973cfa14fafcc7d97a3cb5a43d8e713a0f50faa2738be7c61af21a4832

    • Size

      298KB

    • MD5

      0c03803dd1100fbbc6b4f7ddc0cf784a

    • SHA1

      1460e3e05cfb7cfed696c09911906d329e8c1a8e

    • SHA256

      1c8920973cfa14fafcc7d97a3cb5a43d8e713a0f50faa2738be7c61af21a4832

    • SHA512

      f62de12651fcd0fc903fc29cd870db59a17be73f3aa20b3e4d0379242214e31d410aec1082e9c68506808f032b74c99be615c503460bdcfec2e03ebd2c82e5e6

    • SSDEEP

      6144:+dRVzSkGTxSLD8uq5CaOPs47bhqUde8JfsAdfk4iX0+mB37lp:+hqxSLo5C1Ps4XhA8JHd87eB7D

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks