General

  • Target

    5x(24-09-24).7z

  • Size

    3.0MB

  • Sample

    240924-j88eea1bkg

  • MD5

    c9f403ca0594fe13ab230de07d92e003

  • SHA1

    8f79b476bcf8e025a0201deeb3d58d24f733d22a

  • SHA256

    cfc1155f576b0a19d0751b0ae796e7db156ebc7ee8bfa38a735d6856351e2336

  • SHA512

    655bdb7e5b4fc9e4d4fe2781b926263e36c77bad9f4432a4ceabdc529509644fd49e0c8c293194323b4b8ff3af8a1b0d9abacf7c641772de2aa417a003382888

  • SSDEEP

    49152:5wCFw45SjRfbTim4+D7RiqZoKFxdX7EF7O368pvKboJMV4X7Ggy3jhUT2EkgBccj:BFDoRfbTXxDdoKFxdXYFK6AtJlX7DShy

Malware Config

Extracted

Family

cobaltstrike

C2

http://8.219.180.167:443/zyzyz

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)

Targets

    • Target

      20240923_install.exe

    • Size

      6.1MB

    • MD5

      af3b09dc8f43ff7698b730ff6b784ad7

    • SHA1

      64b493ed97860eb865e8d43f51c1adf81dd712c9

    • SHA256

      afd5e03f10dbda275fc21e9e6b2387c99ee8f5977df22cd395082b9f825a2623

    • SHA512

      edf170607e74fbbabc29ff50efb2be30baa0e12a231e9ab131380ef842ce4e7874b2e03fd6acabd2b9f05a33ee1b855c3afccc43cecfbbf2b213acae65dc6efe

    • SSDEEP

      98304:efRnOrG2ohf0kGVrr0K4aueL2hbiD9kl7fIJJDKnD0F9OuuJFVyYU8tK:epeGjhMk60gTwbi6IoM9O3JFV5U8tK

    • Score

      5/10

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      240923名录手册.exe

    • Size

      6.3MB

    • MD5

      18f3080e28eaebcd43c74f4697fc48cc

    • SHA1

      4164491b4b955362d5d77652f6f3e08f2f5e7ac3

    • SHA256

      a9e6409722eb63eb44c256a1d95bab37af27c4b822464896f9e953a151930308

    • SHA512

      8a028a5bdcf9ea20d879af1da0b84898bf2c584789c368fc320ffe7505d9cca443670198fedb7934af58d626f323e8892d5e89da11983fc00a67a331f1e1a13c

    • SSDEEP

      98304:Cv6fRnOrGoJFVyYU8ohf0kGVrr0K4aueL2hYtIvf+xmVVHtMlhh:Q6peGoJFV5UxhMk60gTw6xf

    • Score

      5/10

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      img01.exe

    • Size

      6KB

    • MD5

      b4ea6d5ce89b63fc8b32865693945100

    • SHA1

      00fb8a0a94153b011fb91c807e6f6a56cdb09815

    • SHA256

      f996183b6993ffcd3f1aae9d066514ab0bac96efc62cc322ca6336787acc00d6

    • SHA512

      1088d9e747b2834615daacf382ba169f8e124f5d8a2642e3ae2997db802758957c016f135f8217ae7ebd7945419e8a76cb99468680f3cdb78e7578d8743b707e

    • SSDEEP

      96:OUSEEHxtBqRef+hwrEH7808PP+1YF+VQXu9ozNt:W5HLBqRRvbx8P21VQe9q

    • Score

      1/10

    • Target

      加班调休政策更新通知.exe

    • Size

      232KB

    • MD5

      02fa9a069efdeb0c61592366bb656c6a

    • SHA1

      1d48f2d485f63d78012050616f1cb76a6688fdf9

    • SHA256

      1ef89f1692f66fda6ec4eea2ac7304e9c7f7cb280ccddbdc1f33a68cf2fe10e3

    • SHA512

      1bcda0da4b5df387f793f4ee7b2c30f50ed203422fbba5bbd773eae3cc6026e778509c4da4b1d33239cad151c011331129db6cae514e969a5ca5bf070c9d0e8d

    • SSDEEP

      768:hEzEj8kHiepqugnvnpIFDTs58MJtozOqD4xfr9lKVkE1us+yL:hEA7iepvg8U53/42rjf0uUL

    • Score

      5/10

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      本单位2024年上半年工作总结和下半年工作安排.docx ... .exe

    • Size

      365KB

    • MD5

      447eedd0ca8f3f5901f515e87fe3c279

    • SHA1

      5abbbfdc3174ba565a8abe1636c4a940bc3d23f1

    • SHA256

      3a3e0512b921fb5ccc231e0cbcaef12f3924eee35506f5813f4832e9cde5977d

    • SHA512

      e316e3c20af47b2502a6674dd1ee8291fc57ee16fa051092b213525e8577ae7d60d05cc0d7ab6e8d7c8f5f56dde29e859ecf3404afdd2c73be7e4d63507e2fcc

    • SSDEEP

      6144:urMliwGQNb5f6XzW+AQOn+LrttHvAUzG5Eq:qgPHf66TQxPPHTG5Eq

    • Cobaltstrike

      Detected a malicious payload that is part of Cobaltstrike.

    • Network Service Discovery

      Attempts to gather information about the host's network.

MITRE ATT&CK Enterprise v15

Tasks