General
-
Target
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
-
Size
217KB
-
Sample
201113-qe5njlq7y6
-
MD5
d920230acdc464d60e0448494ca51cdb
-
SHA1
89e02ba5ed35daefcc464ed29a15108224f938a7
-
SHA256
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
-
SHA512
6e68d62c4c89a0378b9e968c68061e2f98d26181bfcd957d3ce5f1590166ec58c0cbbdd112636705c6fae83de23e2604c94cad3e4ccf9695188a5c178f8817b4
Static task
static1
Behavioral task
behavioral1
Sample
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://mn.service1updater.com:443/as
http://nm.service1updater.com:443/as
http://rf.service1updater.com:443/as
-
access_type
512
-
beacon_type
2048
-
dns_idle
4.25748544e+08
-
dns_sleep
1.879048192e+09
-
host
mn.service1updater.com,/as,nm.service1updater.com,/as,rf.service1updater.com,/as
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAABwAAAAAAAAADAAAAAwAAAAIAAAAMcmVnX2ZiX2dhdGU9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAIAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
246
-
polling_time
57490
-
port_number
443
-
sc_process32
%windir%\syswow64\WUAUCLT.exe
-
sc_process64
%windir%\sysnative\WUAUCLT.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+Brgt7qpJEDFlNzRXJ3U32Ai83RELHU2iauyt2G61YyzSjF9redov1RZwDiiGhTExKympX6Tf1sfYD8kZ9R641I12Y4PPHQ479FNccYmQJUYFPO/DX6451dGK34TGi+dE1B+9nOAiBtR6pXZnv0duYZBd4xvYjY9LgmAgPO0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/dz
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Targets
-
-
Target
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
-
Size
217KB
-
MD5
d920230acdc464d60e0448494ca51cdb
-
SHA1
89e02ba5ed35daefcc464ed29a15108224f938a7
-
SHA256
36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
-
SHA512
6e68d62c4c89a0378b9e968c68061e2f98d26181bfcd957d3ce5f1590166ec58c0cbbdd112636705c6fae83de23e2604c94cad3e4ccf9695188a5c178f8817b4
Score 10/10