General
-
Target
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a
-
Size
2.3MB
-
Sample
240713-qv7paasgkm
-
MD5
4c91f27ba8ade0db705c7f802dcb4507
-
SHA1
a826d603ad9e485e4e783b2f18b0654d55dc9f86
-
SHA256
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a
-
SHA512
7697ae93fb464db4a5c27f88f8b649cc328fe8664971aff074f713b13758ddca56f85489e3b0fabc232bb2941642088157608ca342e21e73062361960e212935
-
SSDEEP
49152:hCvzpbZhModCRnPz6+BhoiqkhR/a14EkDoZXJ5tx67bZvHb/jLNJRd4ZPCz76Q:hCZZhMPRnPgXJ5X67b+
Static task
static1
Behavioral task
behavioral1
Sample
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
674054486
http://itechnetworkbd.com:4433/globals.css
-
access_type
512
-
beacon_type
2048
-
host
itechnetworkbd.com,/globals.css
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
62280
-
port_number
4433
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCB5Hs/gZXIoDhkw+8x6I5grs4Vxj6kP0mxqTuZ+jFEbK19wnEgMHsaB6O2iFvvHrxp4VjALXNJYa0a+i6vPXriYH4UQROGnTdUUziJ/7YH2G4DPGgwk2SywXjmWmst9GW8lPUfU8MjGk/YJtRpnYHcrOq42vz7EZ0/+7lyM28Y1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.3164288e+09
-
unknown2
AAAABAAAAAIAAAWGAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ko_KR.html
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203
-
watermark
674054486
Targets
Target
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a
-
Size
2.3MB
-
MD5
4c91f27ba8ade0db705c7f802dcb4507
-
SHA1
a826d603ad9e485e4e783b2f18b0654d55dc9f86
-
SHA256
7803d96a4a965ba34fbfd475ee374820273b5acc88476115c1555774981e307a
-
SHA512
7697ae93fb464db4a5c27f88f8b649cc328fe8664971aff074f713b13758ddca56f85489e3b0fabc232bb2941642088157608ca342e21e73062361960e212935
-
SSDEEP
49152:hCvzpbZhModCRnPz6+BhoiqkhR/a14EkDoZXJ5tx67bZvHb/jLNJRd4ZPCz76Q:hCZZhMPRnPgXJ5X67b+
Score 10/10