General

  • Target

    d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9.exe

  • Size

    361KB

  • Sample

    240724-1txg2azank

  • MD5

    d1e9e70ecbf4c41cd6c4dc54680e2218

  • SHA1

    377bec32993d7782bfa5de786aef1b406b9ef357

  • SHA256

    d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9

  • SHA512

    8de97e6822d933775af51b250f893348315024e4062ccdfe601fb96c99f7c0610d4c63b5d559f00df801af1ee36bfd1dd3771cdc1f091762e21cf948120e4734

  • SSDEEP

    6144:3NpRP5j0n5TsRdGUZD3Q5UPl3iUcJJJ655ZZoMb8rdvL4s68dTlcEo6IpiWe97TX:3NpRP5jQCRdrD39BcEPxROZ

Malware Config

Extracted

Family

cobaltstrike

C2

http://36.138.209.232:60443/api-gateway/jpaas-jis-coruser-server/front/coruserlogin/usernamepwd-login.jspx

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: https://zwdtuser.sh.gov.cn/uc/naturalUser/loginNew.do
    Accept-Encoding-V2: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
