General
-
Target
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
-
Size
219KB
-
Sample
201114-2rlgbqeksx
-
MD5
f4f9a6fe7876ec913ce1fd84fca8ec77
-
SHA1
d848e1ee63c1215e5c8be1345b24eeac76bc4af9
-
SHA256
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
-
SHA512
a0be514a167ae56d37d3837873720f01bd05ac0cd4f84587f67e9381a5c159f1ed70cb27c651e0b528ea0365a0b9d30b838d28e044bc8b93feed67317d7fc5c9
Static task
static1
Behavioral task
behavioral1
Sample
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://117.51.152.192:443/da
-
access_type
512
-
beacon_type
2048
-
dns_idle
1.993222846e+09
-
dns_sleep
2.365587456e+09
-
host
117.51.152.192,/da
-
http_header1
AAAAEAAAABFIb3N0OiB0ZW5jZW50LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAD0FjY2VwdDogaW1hZ2UvKgAAAAoAAAAlQWNjZXB0LUxhbmd1YWdlOiBlbi1HQjtxPTAuOSwgKjtxPTAuNwAAAAcAAAAAAAAAAwAAAAMAAAACAAAANXdvcmRwcmVzc19sb2dnZWRfaW5fMTg3MGE4MjlkOWJjNjlhYmY1MDBlY2E2ZjAwMjQxZmU9AAAABgAAAAZDb29raWUAAAAJAAAADmRicHJlZml4PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAAEAAAABFIb3N0OiB0ZW5jZW50LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tVVMAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAANAAAAAwAAAAIAAAAGYmxvY2s9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
maxdns
255
-
polling_time
56818
-
port_number
443
-
sc_process32
%windir%\syswow64\WUAUCLT.exe
-
sc_process64
%windir%\sysnative\WUAUCLT.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSyixp/1MR40k2XM26eskni/ZniCYSgKUavTYvl3uoae4ijqlJa99Fj6c4x3b4ydUdhBdcgy+wFJwM0CFDOh8EiCVkNKIxdlN55NUQf9xQcENYNlcSSfTAJHWgs037xn94HeUAHYGsVCtYb//LEAoDolMi6d9te8VrUMrR5QsNJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/as
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
Targets
-
-
Target
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
-
Size
219KB
-
MD5
f4f9a6fe7876ec913ce1fd84fca8ec77
-
SHA1
d848e1ee63c1215e5c8be1345b24eeac76bc4af9
-
SHA256
4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
-
SHA512
a0be514a167ae56d37d3837873720f01bd05ac0cd4f84587f67e9381a5c159f1ed70cb27c651e0b528ea0365a0b9d30b838d28e044bc8b93feed67317d7fc5c9
Score10/10 -