General
-
Target
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33
-
Size
282KB
-
Sample
201111-da6d3ta4qn
-
MD5
736cbf4e5d86772965db0b0ed4e4b9e2
-
SHA1
c2701cfc2a650dfee8b5615216d161629662f9b3
-
SHA256
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33
-
SHA512
7dccb38ed0c9662a2456a115921d3620efc387b59f22c30e3af870835b5aff15f1d20507403e1c5c97622cd9a379a847b458e073489fae886e4b35b619f48eab
Static task
static1
Behavioral task
behavioral1
Sample
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
C2 (defanged): hxxp://xnjscdn[.]com:443/508/extra.html — this is a live Cobalt Strike beacon indicator; do not browse to it. Note the http:// scheme combined with port 443: several numeric fields below look mis-decoded, so confirm HTTP vs. HTTPS from the sandbox PCAP before writing network detections on the scheme.
-
access_type
512 (0x0200 — reads as a byte-swapped 16-bit value, i.e. 2; treat the raw number as suspect and re-extract with a second parser)
beacon_type
2048 (0x0800 — not a valid beacon type; byte-swapped it reads 8 = HTTPS, which would fit port 443. port_number below decodes correctly, so the swap is not uniform — verify before relying on it)
create_remote_thread
768 (0x0300 — likewise looks byte-swapped, i.e. 3 — verify)
-
dns_idle
1.34744072e+08 (= 134744072 = 0x08080808, i.e. the IPv4 address 8.8.8.8 packed as an integer; the float rendering is an extractor artifact, not part of the config)
dns_sleep
1.17440512e+09 (= 1174405120 = 0x46000000; if this 32-bit field was read in the wrong byte order it is 70 — verify)
-
host
xnjscdn[.]com,/508/extra.html (defanged; C2 hostname and GET URI, comma-separated as stored in the beacon config)
-
http_header1 (GET transform — the base64 blob below decodes, using the publicly documented transform-step numbering, to: build metadata → mask → URL parameter "create"; i.e. the beacon's GET to /508/extra.html should carry a "create=" query parameter. Confirm against captured traffic before turning this into a signature)
AAAABwAAAAAAAAANAAAABQAAAAZjcmVhdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2 (POST transform — the blob below decodes to: session id → base64 → prepend "token=" → "Cookie" header; task output → printed in the body. So POSTs to /typo/contacto.htm should carry "Cookie: token=<base64>", a usable proxy-log signature once confirmed in the PCAP)
AAAABwAAAAAAAAADAAAAAgAAAAZ0b2tlbj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
3840 (jitter is a 0–99 percentage; 3840 = 0x0F00, byte-swapped reads 15 — looks like an extractor endianness issue, verify)
-
maxdns
231
-
pipe_name
\\%s\pipe\tjpw_# (SMB named-pipe template; the trailing "#" is presumably substituted at runtime. The "tjpw_" prefix is a host-based indicator to hunt in pipe-creation telemetry, e.g. Sysmon Event ID 17/18)
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\conhost.exe (presumably the 32-bit post-exploitation spawn-to target — a conhost.exe child of the process hosting this DLL is a process-tree anomaly worth hunting)
sc_process64
%windir%\sysnative\rundll32.exe (presumably the 64-bit spawn-to target — rundll32.exe launched with no DLL argument is a well-known process-tree indicator)
-
state_machine (mislabelled by the extractor: the blob below begins with "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ", the standard base64 DER prefix of a 1024-bit RSA SubjectPublicKeyInfo — it appears to be the team server's public key, which is stable per team server and useful for clustering samples)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMBvwSPImgtlkCMnPyQog7xlp5Ci5OFj2Hyb/B4I+tm2QqqS28DK8DSSShrUwHZA2fOmY4Wc5PkS9XW/6gEWFJNWnZPjPBtJ0DNNOwvhvAvR4Rfvx3O2sh1mwpoHwO8rZLcyHK2SLhoLq1P2mP8z4ZjUoxgurSzN94Is5QKxGLbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096 (0x1000; byte-swapped reads 16 — same suspected endianness issue as the other small fields, verify)
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/typo/contacto.htm (presumably the POST URI; the GET URI /508/extra.html is in the host field above)
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 — a macOS/Chrome 60 User-Agent emitted from a Windows host (the sample is a DLL run on win7/win10 sandboxes), which is itself a low-noise proxy-log anomaly to hunt for
Targets
-
-
Target
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33
-
Size
282KB
-
MD5
736cbf4e5d86772965db0b0ed4e4b9e2
-
SHA1
c2701cfc2a650dfee8b5615216d161629662f9b3
-
SHA256
e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33
-
SHA512
7dccb38ed0c9662a2456a115921d3620efc387b59f22c30e3af870835b5aff15f1d20507403e1c5c97622cd9a379a847b458e073489fae886e4b35b619f48eab
Score: 10/10