General
Target: f0643ab083d8a3905bd1551cf4d9e37c.exe
Size: 1.9MB
Sample: 201105-36knzybbs6
MD5: f0643ab083d8a3905bd1551cf4d9e37c
SHA1: cf62c0c2036ca9493a718910785a47a6ef27e1e9
SHA256: dc504935b4a0f6059ba40c20803c7cf22b5c3a5f0b20226e36003df979bcbd4a
SHA512: e446827fc5637a95b2154d08ef97555cf59a5a9f14a291a0cdecd5bdfc711f28ca1b68c93cc69bbbf1f24f0c0b8da2a313156af45969def717853eab86778681
Static task: static1
Behavioral task: behavioral1
  Sample: f0643ab083d8a3905bd1551cf4d9e37c.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: f0643ab083d8a3905bd1551cf4d9e37c.exe
  Resource: win10v20201028
Malware Config
Extracted: metasploit
  Payload: windows/download_exec
  URL: http://backup-leader.com:443/image-directory/admin.png
Extracted: cobaltstrike
  C2 URLs:
    http://mn.backup-leader.com:443/nl
    http://nm.backup-leader.com:443/nl
    http://ws.backup-leader.com:443/gv
  access_type: 512
  beacon_type: 2048
  dns_idle: 5.56470866e+08
  dns_sleep: 2.26492416e+09
  host: mn.backup-leader.com,/nl,nm.backup-leader.com,/nl,ws.backup-leader.com,/gv
  http_header1: AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAAA2x1PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_header2: AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAMAAAADAAAAAgAAAAVjb3B5PQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_method1: GET
  http_method2: POST
  jitter: 9984
  maxdns: 242
  polling_time: 64166
  port_number: 443
  sc_process32: %windir%\syswow64\WUAUCLT.exe
  sc_process64: %windir%\sysnative\WUAUCLT.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCV+EMFzgcTWtUwz7qH5kVvpPpxb4hdQlFHdXZjeNP784OU3cffIQSmKPly6yRwHPBxN5a3PEDE5c9Je4PLZgeYRqAZYZNZysu56NePpcXXLMoUBN3pRhF48a+fyV35EUltWSA9kmM9yTR7lF+ZvgoXnCHH1141/qw0CrvFtCrFoQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 4.43751424e+08
  unknown2: AAAABAAAAAIAAAFSAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /styles
  user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
Targets
Target: f0643ab083d8a3905bd1551cf4d9e37c.exe
Size: 1.9MB
MD5: f0643ab083d8a3905bd1551cf4d9e37c
SHA1: cf62c0c2036ca9493a718910785a47a6ef27e1e9
SHA256: dc504935b4a0f6059ba40c20803c7cf22b5c3a5f0b20226e36003df979bcbd4a
SHA512: e446827fc5637a95b2154d08ef97555cf59a5a9f14a291a0cdecd5bdfc711f28ca1b68c93cc69bbbf1f24f0c0b8da2a313156af45969def717853eab86778681
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.