General
-
Target
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f
-
Size
2.5MB
-
Sample
241222-r4dy1a1rgk
-
MD5
f3d57e4d98f65b200694013d60d1253c
-
SHA1
91ec3513340865c9d47524d4412f9ab36884d950
-
SHA256
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f
-
SHA512
3dcfbb009e75b21900f14f61b839c29896546615bd36b15ffab2caa5f1d080ca5d2f1a386ebd65d04a0807312435d80cd318e84c68dd8e34a7d3ac8cfeda9f97
-
SSDEEP
49152:Zi4EplOgrb/TcvO90dL3BmAFd4A64nsfJbKCkqCpgaKLRdD1VDU/LzGPyDPPpaF3:Zi4EO6KSL4/Lz2qPxKpaG
Static task
static1
Behavioral task
behavioral1
Sample
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
http://www.datestics.com:443/api/Data
-
user_agent
Host: www.datestics.com User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
999999
http://www.datestics.com:443/apis/add
-
access_type
512
-
beacon_type
2048
-
host
www.datestics.com,/apis/add
-
http_header1
AAAAEAAAABdIb3N0OiB3d3cuZGF0ZXN0aWNzLmNvbQAAAAcAAAAAAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiB3d3cuZGF0ZXN0aWNzLmNvbQAAAAcAAAAAAAAADAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZ+R5T71scOwV6el1A7DEvNtsklXeBuzbRRna4KI5AvQNAbo4I2dTj002tl7un5kHUte2Wo1vpphB3gChzlIAXUN6oUMjA/sgJYS3EPTk2SIgJCJ7+TNUcQJsVIBcmgySo/C8yh4C51NLWZHrodvYxrwjdzcr0Ye3ZCaisjsky0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/apis/delete
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
-
watermark
999999
Targets
-
-
Target
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f
-
Size
2.5MB
-
MD5
f3d57e4d98f65b200694013d60d1253c
-
SHA1
91ec3513340865c9d47524d4412f9ab36884d950
-
SHA256
36382cb8a44d0d57f51c2eae1e6e8eb89f37512058afed612b79976258abd90f
-
SHA512
3dcfbb009e75b21900f14f61b839c29896546615bd36b15ffab2caa5f1d080ca5d2f1a386ebd65d04a0807312435d80cd318e84c68dd8e34a7d3ac8cfeda9f97
-
SSDEEP
49152:Zi4EplOgrb/TcvO90dL3BmAFd4A64nsfJbKCkqCpgaKLRdD1VDU/LzGPyDPPpaF3:Zi4EO6KSL4/Lz2qPxKpaG
Score 10/10
Cobalt Strike family
-