General
Target: PL64.dll
Size: 192KB
Sample: 201116-j74swxz37a
MD5: 5a710e940d55b74ddba422b0721a073a
SHA1: c206d9d1cfa9dda15c89dade8725549eb9c50627
SHA256: 779f5fa30734c1e35d61d0bad3961c60acd3553c33d91f057115be823ab54927
SHA512: 227a35b52c4c82962b18b5981a74e73e24ee49530bede8a3ae6c5228b92829c993454bf6c2f76f3559bed357302ca4ddaa184207eed5970c1cf1f49e11a2b42a
Static task: static1
Behavioral task: behavioral1 (Sample: PL64.dll, Resource: win10v20201028)
Behavioral task: behavioral2 (Sample: PL64.dll, Resource: win10v20201028)
Behavioral task: behavioral3 (Sample: PL64.dll, Resource: android-x86-avd1)
Behavioral task: behavioral4 (Sample: PL64.dll, Resource: win10v20201028)
Behavioral task: behavioral5 (Sample: PL64.dll, Resource: win7v20201028)
Malware Config
Extracted: metasploit
  Payload: windows/download_exec
  URL: http://driversna.com:443/files/tab_shop.png
Extracted: cobaltstrike
  C2: http://er.driversna.com:443/fo
  C2: http://df.driversna.com:443/fo
  C2: http://cv.driversna.com:443/fo
  access_type: 512
  beacon_type: 2048
  dns_idle: 4.5673843e+07
  dns_sleep: 1.694498816e+09
  host: er.driversna.com,/fo,df.driversna.com,/fo,cv.driversna.com,/fo
  http_header1: AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAJAAAADmRicHJlZml4PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_header2: AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAACWRicHJlZml4PQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_method1: GET
  http_method2: POST
  jitter: 10496
  maxdns: 255
  polling_time: 59957
  port_number: 443
  sc_process32: %windir%\syswow64\regsvr32.exe
  sc_process64: %windir%\sysnative\regsvr32.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjAX68sewYZJjpqnXffGvEpuKnWAUCV3KlxJ4CoM+2HFSmT00/IHjJUOYEXMrClE5CUDj2v8aGxUtojZBY8FlfcpQ3e57Qu70ZSp2CoiGaMF9vRza/16UqA1giNQESZorQf962VJoNg/SKqWaZC+nFzkaUbDRebBcHK5lCw4qjbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 4.272630272e+09
  unknown2: AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /eo
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Targets
Target: PL64.dll
Score: 10/10
Signature: MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.