General
-
Target
46693e0208c7bacac357ec9a2d0e84f7.exe
-
Size
1.9MB
-
Sample
201105-bt1apb9wx2
-
MD5
46693e0208c7bacac357ec9a2d0e84f7
-
SHA1
36ea5100df30506ba8972bf2782772ffa19f2224
-
SHA256
fb780f623a78c9b5aa8a279430731b84d0efe937ea5684f80182e4f896e8e288
-
SHA512
0d4fd6a48d9e304a6c8f2d473da695ecf5a5820c22e104bbb45319cc4fea299810cc62f6216e4dcd9d1610dde496e3714f73a64097c5cc8da2be5c07e534ee10
Static task
static1
Behavioral task
behavioral1
Sample
46693e0208c7bacac357ec9a2d0e84f7.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
46693e0208c7bacac357ec9a2d0e84f7.exe
Resource
win10v20201028
Malware Config
Extracted
metasploit
windows/download_exec
http://bakcup-monster.com:443/static-directory/ro.png
Extracted
cobaltstrike
http://mn.bakcup-monster.com:443/remove
http://nm.bakcup-monster.com:443/remove
http://ws.bakcup-monster.com:443/remove
-
access_type
512
-
beacon_type
2048
-
dns_idle
3.731859462e+09
-
dns_sleep
2.5165824e+09
-
host
mn.bakcup-monster.com,/remove,nm.bakcup-monster.com,/remove,ws.bakcup-monster.com,/remove
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABNBY2NlcHQtRW5jb2Rpbmc6IGJyAAAABwAAAAAAAAADAAAAAwAAAAIAAAAMcmVnX2ZiX2dhdGU9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAADwAAAAMAAAACAAAAB1dQTEFORz0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
maxdns
247
-
polling_time
57861
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNPfWcRLa4mEhhiLv4fEPpvSNkabkgwAzQ+wUb8SfETsaN7aUTlm6sPu9BfmOdcdLlFP729nwzyEo4oaCuskBe28G/g5Mf76yNI/7eZEWHlfwU0nsVWO/XPek7XqyWJAmfTjn80TsQhEoZvvlQ7iiJRxpWn/YkOZQbEKlUtehNQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.10860288e+08
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jp
-
user_agent
Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
Targets
-
-
Target
46693e0208c7bacac357ec9a2d0e84f7.exe
-
Size
1.9MB
-
MD5
46693e0208c7bacac357ec9a2d0e84f7
-
SHA1
36ea5100df30506ba8972bf2782772ffa19f2224
-
SHA256
fb780f623a78c9b5aa8a279430731b84d0efe937ea5684f80182e4f896e8e288
-
SHA512
0d4fd6a48d9e304a6c8f2d473da695ecf5a5820c22e104bbb45319cc4fea299810cc62f6216e4dcd9d1610dde496e3714f73a64097c5cc8da2be5c07e534ee10
Score 10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-