General
-
Target
914de6ab09a9a2d6a2f8118e2068416b
-
Size
207KB
-
Sample
201117-rthr8383tn
-
MD5
9cfc38ee4e490a9c71e356c27f7dff3e
-
SHA1
6ab49e0109182ce9bde3d0a6c68c097f639d377b
-
SHA256
a9b97ed0f52f405a812e2aa42ee1962e05a7497e4b6e88ea4b3d31dc7db471ca
-
SHA512
2f572d2fb331f227bf71aa78362281ad81e10c1670bb09b4566dae5f161796f1703692749e7dfb3f523531416c1c5ae8626797c3c5902436de5e937ed6e3d5e7
Static task
static1
Behavioral task
behavioral1
Sample
914de6ab09a9a2d6a2f8118e2068416b.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
914de6ab09a9a2d6a2f8118e2068416b.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://192.168.10.147:5556/push
-
access_type
512
-
host
192.168.10.147,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
5556
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC10V2CX5cBjYcPIsw2huRaohIre5LXeDVuHaU0Cx6nZGm6geVbaAUDvgRDs2bTuCiCSYe7N/ZCwD6qg3Cs4rgqwQ2Rd10GrR7SJxea+QZGhoy9pcyUbrWOblw6amo/MCPRU+cqOafkfALn5NnYbOE6pxBMzNYtH7nHfQ9Ks4oCjwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)
Targets
-
-
Target
914de6ab09a9a2d6a2f8118e2068416b
-
Size
207KB
-
MD5
9cfc38ee4e490a9c71e356c27f7dff3e
-
SHA1
6ab49e0109182ce9bde3d0a6c68c097f639d377b
-
SHA256
a9b97ed0f52f405a812e2aa42ee1962e05a7497e4b6e88ea4b3d31dc7db471ca
-
SHA512
2f572d2fb331f227bf71aa78362281ad81e10c1670bb09b4566dae5f161796f1703692749e7dfb3f523531416c1c5ae8626797c3c5902436de5e937ed6e3d5e7
Score 1/10