General
-
Target
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a
-
Size
204KB
-
Sample
201111-kkberw7xwx
-
MD5
1774e47878695044939263df2d589f73
-
SHA1
572eb65284497e34a84f844f27bb6d70d173c3f8
-
SHA256
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a
-
SHA512
c360a6f6c8ae13675cd1b9183905baa4c146463fdcf543d69bc8d056314c1e5b9a7d0ecc812a7baade8aaa7539f80461da53598768e1eb9ca656e8f0a2afa3a4
Static task
static1
Behavioral task
behavioral1
Sample
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://31.44.184.48:80/load
-
access_type
512
-
host
31.44.184.48,/load
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCT42RZXDkOt4TBaANg7RggQbQZgKIt9JoHuhWGb5HcZdWd3ZmoqFQuFJ53NsjMvGrDkwxGokAV2GaGhCCb1GHK1NigI6uBcokE6seiXhny94nDmEEu4EEdYyFgLrsswJ04NA8tnIQD11iUz7XxzwocHN1161Yj66YCBK61DUomQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)
Targets
-
-
Target
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a
-
Size
204KB
-
MD5
1774e47878695044939263df2d589f73
-
SHA1
572eb65284497e34a84f844f27bb6d70d173c3f8
-
SHA256
780e094f58b79d1e36bea73f8d51d794932c0e4e3ff2129ba8c08b5667a05f8a
-
SHA512
c360a6f6c8ae13675cd1b9183905baa4c146463fdcf543d69bc8d056314c1e5b9a7d0ecc812a7baade8aaa7539f80461da53598768e1eb9ca656e8f0a2afa3a4
Score 10/10
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-