General
-
Target
cb.exe
-
Size
565KB
-
Sample
201210-8zr11825t2
-
MD5
dbffcc741c54ae7632fb2807c888bdfe
-
SHA1
135fe840084973d099de68992de40224ed1680b9
-
SHA256
55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
-
SHA512
eab651efd209dee4fb6137ecadfce58e4ecfd1cdcf767a28c02fefc62a814a08d97d81d942f3609a882b4b81767e322f1fea3c5d7688d2d7785a8f1f56e9ef4c
Static task
static1
Behavioral task
behavioral1
Sample
cb.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
cb.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://NuQuiedi8ezai5aHucei.cantusethis.fun:443/gifs/
http://Jae3Faita9jeiMeiVeiv.cantusethis.site:443/gifs/
http://ibee3sahkei7Ohcu9uGi.cantusethis.online:443/image/
-
access_type
512
-
beacon_type
2048
-
dns_idle
6.7373064e+07
-
dns_sleep
8.1297408e+08
-
host
NuQuiedi8ezai5aHucei.cantusethis.fun,/gifs/,Jae3Faita9jeiMeiVeiv.cantusethis.site,/gifs/,ibee3sahkei7Ohcu9uGi.cantusethis.online,/image/
-
http_header1
AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAADQAAAAEAAAALL2tpdHRlbi5naWYAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAAc3siaW1hZ2VfdXJsIiA6ICJodHRwczovL3N1bjktMjMudXNlcmFwaS5jb20vRzRKdmRaREVmTGRJUGxOTjEtSmtNR1EydW5mMktFSVY1NE9tNWcvYWJKNzBqR0hmVmsuanBnIiwgIm1ldGFkYXRhIiA6ICIAAAABAAAAAiJ9AAAABAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
maxdns
235
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dfrgui.exe
-
sc_process64
%windir%\sysnative\dfrgui.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWJolZfZtN4+W4l2naPtrRPBZ9E6XqVyL8XSC08vwYVEtmn7iwPUgBQsddprki6QXEuQUro5OTw+ESzZzNrgOimS9DSimgnM8DroKyW8tQQgiPNHvIWyix4+fH7Ps7uEwr3o1nqPhEQHXYhmsHU/q73G6OxBHNR+OQDKaVgAg5bwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.2384e+09
-
unknown2
AAAABAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/temp/
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Targets
-
-
Target
cb.exe
-
Size
565KB
-
MD5
dbffcc741c54ae7632fb2807c888bdfe
-
SHA1
135fe840084973d099de68992de40224ed1680b9
-
SHA256
55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
-
SHA512
eab651efd209dee4fb6137ecadfce58e4ecfd1cdcf767a28c02fefc62a814a08d97d81d942f3609a882b4b81767e322f1fea3c5d7688d2d7785a8f1f56e9ef4c
Score10/10 -