General
-
Target
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
-
Size
217KB
-
Sample
201111-ljb6qam122
-
MD5
e7ebefcc6c56d445c20cf78a466eda81
-
SHA1
ce454a6da14dbd35227d4a609c669cb0b886479a
-
SHA256
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
-
SHA512
fe5267e07a10600e7060f8c5d687a515a2b2128f80f6cad3b19f50f800e2ea597798da165b7923a098f22ab7e1333a4352b1bc5ecffccd46daa3654f4f907e7c
Static task
static1
Behavioral task
behavioral1
Sample
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://universalec.com.zclngty.club:443/owa/
-
access_type
512
-
beacon_type
2048
-
dns_idle
1.34744072e+08
-
host
universalec.com.zclngty.club,/owa/
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAACGQ29va2llOiBNaWNyb3NvZnRBcHBsaWNhdGlvbnNUZWxlbWV0cnlEZXZpY2VJZD05NWMxOGQ4LTRkY2U5ODU0O0NsaWVudElkPTFDMEY2QzVEOTEwRjk7TVNQQXV0aD0zRWtBakRLakk7eGlkPTczMGJmNzt3bGE0Mj1aRzB5TXpBMktqRXMAAAAHAAAAAAAAAA0AAAAFAAAAAndhAAAACQAAAA5wYXRoPS9jYWxlbmRhcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAACd2EAAAAHAAAAAAAAAA0AAAACAAAABndsYTQyPQAAAAIAAAALeGlkPTczMGJmNzsAAAACAAAAEk1TUEF1dGg9M0VrQWpES2pJOwAAAAIAAAAXQ2xpZW50SWQ9MUMwRjZDNUQ5MTBGOTsAAAACAAAAOE1pY3Jvc29mdEFwcGxpY2F0aW9uc1RlbGVtZXRyeURldmljZUlkPTk1YzE4ZDgtNGRjZTk4NTQ7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
maxdns
235
-
polling_time
30000
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaFjt+ur8edBaOugmVauUhoZuRl/X1csJ4aa5HNiVVxH+nj+tljmiIaj9JYw+dX02sXg+KraYAGaR0XRIJC7Fac+g4z8+Gce7dZTFpyQgtgE/ktBZsYlweECSXVPa7mUrUvLv9bjnn4x5woeJ388rAWdOpz5PPuFV1o0cIA+/7xwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.448416512e+09
-
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/OWA/
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
Targets
-
-
Target
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
-
Size
217KB
-
MD5
e7ebefcc6c56d445c20cf78a466eda81
-
SHA1
ce454a6da14dbd35227d4a609c669cb0b886479a
-
SHA256
6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
-
SHA512
fe5267e07a10600e7060f8c5d687a515a2b2128f80f6cad3b19f50f800e2ea597798da165b7923a098f22ab7e1333a4352b1bc5ecffccd46daa3654f4f907e7c
Score 10/10 -