General
-
Target
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
-
Size
282KB
-
Sample
201112-qbhqlvxyfj
-
MD5
94cb48712e3f5c9b475b5eab670fbdb7
-
SHA1
525aa85d56b4d6bbc732891f90ce6bf97b17f635
-
SHA256
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
-
SHA512
03c4a035f16822b670e57f0e1b2cdb1a1bc325e35626167eda0501551e95e8cb707d105a4702eb8e06988ea09f7a343dc5712673d7aba4e66409c4f399b28612
Static task
static1
Behavioral task
behavioral1
Sample
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://xnjscdn.com:443/508/extra.html
-
access_type
512
-
beacon_type
2048
-
create_remote_thread
768
-
dns_idle
1.34744072e+08
-
dns_sleep
1.17440512e+09
-
host
xnjscdn.com,/508/extra.html
-
http_header1
AAAABwAAAAAAAAANAAAABQAAAAZjcmVhdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAABwAAAAAAAAADAAAAAgAAAAZ0b2tlbj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
maxdns
231
-
pipe_name
\\%s\pipe\tjpw_#
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\conhost.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMBvwSPImgtlkCMnPyQog7xlp5Ci5OFj2Hyb/B4I+tm2QqqS28DK8DSSShrUwHZA2fOmY4Wc5PkS9XW/6gEWFJNWnZPjPBtJ0DNNOwvhvAvR4Rfvx3O2sh1mwpoHwO8rZLcyHK2SLhoLq1P2mP8z4ZjUoxgurSzN94Is5QKxGLbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/typo/contacto.htm
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Targets
Target
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
-
Size
282KB
-
MD5
94cb48712e3f5c9b475b5eab670fbdb7
-
SHA1
525aa85d56b4d6bbc732891f90ce6bf97b17f635
-
SHA256
296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
-
SHA512
03c4a035f16822b670e57f0e1b2cdb1a1bc325e35626167eda0501551e95e8cb707d105a4702eb8e06988ea09f7a343dc5712673d7aba4e66409c4f399b28612
Score 10/10