General
-
Target
PL32.dll
-
Size
129KB
-
Sample
201116-t719zfqesj
-
MD5
6becfb436010b3ddbf4fe7e620c26913
-
SHA1
20db1ecd4c46cca485017dcb6cab801f90da10e3
-
SHA256
3bcd733dfb7cceaf17b0685876f7b66928cb915ab99424d9d14746e4b622a853
-
SHA512
59167af88678f067d3258530f062fd99e3b4a478bfdc34937e187cd662749525a86133a01809ae1d5f90afcdd9368c182671e2ae3169019d0743cbd2b732cf55
Static task
static1
Behavioral task
behavioral1
Sample
PL32.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PL32.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://er.driversna.com:443/media
http://df.driversna.com:443/fo
http://cv.driversna.com:443/media
-
access_type
512
-
beacon_type
2048
-
dns_idle
4.5673843e+07
-
dns_sleep
1.694498816e+09
-
host
er.driversna.com,/media,df.driversna.com,/fo,cv.driversna.com,/media
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAJAAAADmRicHJlZml4PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAACWRicHJlZml4PQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
maxdns
255
-
polling_time
59957
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjAX68sewYZJjpqnXffGvEpuKnWAUCV3KlxJ4CoM+2HFSmT00/IHjJUOYEXMrClE5CUDj2v8aGxUtojZBY8FlfcpQ3e57Qu70ZSp2CoiGaMF9vRza/16UqA1giNQESZorQf962VJoNg/SKqWaZC+nFzkaUbDRebBcHK5lCw4qjbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/eo
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Targets
-
-
Target
PL32.dll
-
Size
129KB
-
MD5
6becfb436010b3ddbf4fe7e620c26913
-
SHA1
20db1ecd4c46cca485017dcb6cab801f90da10e3
-
SHA256
3bcd733dfb7cceaf17b0685876f7b66928cb915ab99424d9d14746e4b622a853
-
SHA512
59167af88678f067d3258530f062fd99e3b4a478bfdc34937e187cd662749525a86133a01809ae1d5f90afcdd9368c182671e2ae3169019d0743cbd2b732cf55
Score 10/10