General
-
Target
beacon.exe
-
Size
383KB
-
Sample
201208-rj59b6k2fn
-
MD5
860cdd118f68793a680ad4d22c43619a
-
SHA1
18ad055e52757826b292e2e05fc9d15e33ccd4bf
-
SHA256
4f6af6104eb118ee193f1b77124dfcdfbef04af6ae6e55c8e37f2f68e9d526eb
-
SHA512
f6ce5ba4a0b21e49adde25e934b0f1426d372297033d027131a9afb8b28350ff74a48a1fdaca9b6f069b7164124d96f8e7cf7fa55e79321197b6c805302836ae
Static task
static1
Behavioral task
behavioral1
Sample
beacon.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
beacon.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://oow8Phokeing6kai5haH.glowtrow.online:443/gifs/
http://ooLiey0phuoghei2cei7.cleans.online:443/gifs/
http://eiphaem9aifuR1udaizu.badedsho.space:443/image/
-
access_type
512
-
beacon_type
2048
-
dns_idle
6.7373064e+07
-
dns_sleep
8.1297408e+08
-
host
oow8Phokeing6kai5haH.glowtrow.online,/gifs/,ooLiey0phuoghei2cei7.cleans.online,/gifs/,eiphaem9aifuR1udaizu.badedsho.space,/image/
-
http_header1
AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAADQAAAAEAAAALL2tpdHRlbi5naWYAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAAc3siaW1hZ2VfdXJsIiA6ICJodHRwczovL3N1bjktMjMudXNlcmFwaS5jb20vRzRKdmRaREVmTGRJUGxOTjEtSmtNR1EydW5mMktFSVY1NE9tNWcvYWJKNzBqR0hmVmsuanBnIiwgIm1ldGFkYXRhIiA6ICIAAAABAAAAAiJ9AAAABAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
maxdns
235
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dfrgui.exe
-
sc_process64
%windir%\sysnative\dfrgui.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIvdvQtJDW1I3V763zrsMpAmKESYebzPux6wkGUe3JLUJvczek+1wURhIWBSAHODyo9VoVYeV+Fdi5GC0F0c2E/NuZLhEk3eetXSCMFJCMo0wXM3ACHlKjMy1l87lvp4k+BN3+FR+bhR2mps1R+tsO941l1YKmMDez894lUy1mXwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.2384e+09
-
unknown2
AAAABAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/stocks/
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Targets
-
-
Target
beacon.exe
-
Size
383KB
-
MD5
860cdd118f68793a680ad4d22c43619a
-
SHA1
18ad055e52757826b292e2e05fc9d15e33ccd4bf
-
SHA256
4f6af6104eb118ee193f1b77124dfcdfbef04af6ae6e55c8e37f2f68e9d526eb
-
SHA512
f6ce5ba4a0b21e49adde25e934b0f1426d372297033d027131a9afb8b28350ff74a48a1fdaca9b6f069b7164124d96f8e7cf7fa55e79321197b6c805302836ae
Score10/10-
Deletes itself
-
Suspicious use of SetThreadContext
-