General

  • Target

    64803bb4129dfc6fe9c9d6bf05f65c35ea73cc57a2cafd25737e51169b8a6662

  • Size

    1.6MB

  • Sample

    240625-qlmyhsvflj

  • MD5

    fb196f6171cd47ac8017d017c5289caa

  • SHA1

    6c89cdcda4fff283fe0c7554b0fc20a539ea94c6

  • SHA256

    64803bb4129dfc6fe9c9d6bf05f65c35ea73cc57a2cafd25737e51169b8a6662

  • SHA512

    a23bb7f7f8bccd1997976c09f01bce8895cdb4696a62876dd3248a51b2a2eef04d4945fabbd487bf067290af13056a7fd937c8bc413a5755c9167737fc969d8c

  • SSDEEP

    24576:pCFdFAy+BiOFKt21XRqjXeg0MPtyj+Hp1ywCXpVk9jfV/hbtS6jJlwl:p7HNNfSDV/PS3

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.159.137:8088/nTXC

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks