General

  • Target

    03082024_0346_19072023_修复补丁.zip

  • Size

    233KB

  • Sample

    240803-ebnxaaxapd

  • MD5

    37a6179746a042ae589dbae72b8b97ef

  • SHA1

    a98daf1f9aeebee82de4d9fd00a5d5d491b8f615

  • SHA256

    84a318a1d014c40307f61dc7d39b948def9e9d7e80be96086c11dae6b9c7e648

  • SHA512

    d8be486a600a5dff8ee2617dd37ce3887c5e1822b6eb80d413577b91a27de3786e4620707910231f1fd16ac6a90e05c49eed881ea5cfd56027576e6eff7f9323

  • SSDEEP

    6144:1al9CpVjkL9DPW9xuaJfdxJgxyvJ10vJDQJkgOV:12iYLBPW9xl3rkxYkRV

Malware Config

Extracted

Family

cobaltstrike

C2

http://admin.govcenter.co:8443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: admin.govcenter.co Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

    • Target

      chongchongchong_6lNg.exe

    • Size

      445KB

    • MD5

      80eedd58115dd8d27c8944b4efcb1b5e

    • SHA1

      080a8aece02624bbb2634c2a202c0eb430b17d37

    • SHA256

      9400d091d0eaf093aad3fa3d0267739c66aa18b2282333e7e25bc0ff9145f16b

    • SHA512

      7f72925bb0f24159994c3ecfe828ac5474c7d0c10f119a91fd8036db08cdc55a95a3dc90bb91653cb6f6b34b35a73b0e50bf624ddc542f50289f326611022590

    • SSDEEP

      12288:zjBL93rtU8PTAFfJsjFGBODhOtp81ELw:zR9ZN8vsqIgKEL

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks