General

  • Target

    1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95

  • Size

    326KB

  • Sample

    240803-aaxqkswcmq

  • MD5

    507b8693f8cec7b03f1da71c816e97fe

  • SHA1

    ddd0beddab6804abcf59f3c167d6079fc36a38ef

  • SHA256

    1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95

  • SHA512

    8da841fed2f0ea1d41219b506dfee26d3b6d5b1a2e6c5eac1be0589637a3e1646215a0d87f98b3750db4de050d47d51144b6cc3d4e33072d9be9b74272097da5

  • SSDEEP

    6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxMSz:DGHCnaomAEg3uPdkgOX+tZdxMSz

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.142.138.45:10002/uKe8

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)
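The extracted config above gives two network indicators worth hunting for immediately: the beacon's C2 endpoint (host, port and GET URI) and the HTTP User-Agent it sends. The following is an added example, not part of the sandbox report, that turns those values into a small log matcher and runs it over constructed proxy log lines. The log format (client IP, method, URL, status, quoted User-Agent) and the sample lines are assumptions for the example; only the C2 URL and User-Agent come from the report. Note the confidence split: any request to the C2 host:port is a strong hit whatever the path or UA, while the User-Agent alone is a plausible Internet Explorer 8 string and is only a weak lead on its own.

```python
"""Match the Cobalt Strike beacon IOCs from the report against proxy logs.

Added example for the report; the log format is assumed, not taken from it.
"""
import re
from urllib.parse import urlsplit

# Values copied from the report's extracted beacon config.
C2_URL = "http://43.142.138.45:10002/uKe8"
C2_USER_AGENT = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; "
                 "Trident/4.0; InfoPath.2)")

# Constructed sample log lines (hypothetical, not from the report).
# Assumed format: client_ip method url status "user_agent"
SAMPLE_LOG = """\
10.0.0.12 GET http://43.142.138.45:10002/uKe8 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)"
10.0.0.12 POST http://43.142.138.45:10002/status 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)"
10.0.0.33 GET http://example.com/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.45 GET http://intranet.local/report 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+) "(?P<ua>[^"]*)"$'
)


def _endpoint(url):
    """Return (host, port, path) for a URL, defaulting the port by scheme."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return u.hostname, port, u.path


def c2_indicators(url=C2_URL, user_agent=C2_USER_AGENT):
    """Split the extracted C2 URL into the pieces the matcher compares on."""
    host, port, path = _endpoint(url)
    return {"host": host, "port": port, "path": path, "user_agent": user_agent}


def parse_log_line(line):
    """Parse one assumed-format log line; return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["host"], rec["port"], rec["path"] = _endpoint(rec["url"])
    return rec


def classify(rec, ioc):
    """Return a hit dict if the record matches any IOC, else None."""
    reasons = []
    if rec["host"] == ioc["host"] and rec["port"] == ioc["port"]:
        reasons.append("c2_endpoint")
        if rec["path"] == ioc["path"]:
            reasons.append("c2_uri")
    if rec["ua"] == ioc["user_agent"]:
        reasons.append("c2_user_agent")
    if not reasons:
        return None
    # Any traffic to the C2 host:port is high confidence regardless of UA.
    # The UA alone is a legitimate-looking IE 8 string, so it is a weak lead.
    confidence = "high" if "c2_endpoint" in reasons else "low"
    return {"client": rec["client"], "url": rec["url"],
            "confidence": confidence, "reasons": reasons}


def scan_log(text, ioc=None):
    """Run the matcher over every parseable line and collect the hits."""
    ioc = ioc or c2_indicators()
    hits = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        hit = classify(rec, ioc)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["confidence"]:4} {hit["client"]} {hit["url"]} {hit["reasons"]}')
```

Triage the "high" hits first (every request to 43.142.138.45:10002, whether or not the path is the beacon's /uKe8), and treat "low" hits as a pivot point: a host presenting that exact User-Agent from a modern Windows build is odd enough to check, but it is not by itself evidence of this beacon.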

Targets

    • Target

      1645c2363ce737ed44c495400344f843f1ddc7cf913a682694b5e2683f1d8a95

    • Cobaltstrike

      Detected a malicious payload that is part of Cobalt Strike.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15