General
-
Target
368b791d4fb7342d10d298e4445aa624.dll
-
Size
199KB
-
Sample
201213-599sgkpmpa
-
MD5
368b791d4fb7342d10d298e4445aa624
-
SHA1
288ea4542bb8b758c0b13d54deb36b00c287f032
-
SHA256
557772effd7149653c391055a2bd4d12eb2588255fbb0b66112958554e6579ff
-
SHA512
486368d60e0d49906d55d7b8101b2df7ea791e4644cefb1d9c2618ab78bf9db717fbc0cbcfa7d5585102b25467224ea29765c3cf002cabd72ae814370de7eac1
Static task
static1
Behavioral task
behavioral1
Sample
368b791d4fb7342d10d298e4445aa624.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
368b791d4fb7342d10d298e4445aa624.dll
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://85.143.222.15:8082/ptj
-
host
85.143.222.15,/ptj
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
8082
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChvz2oKTJ0/eJ7cFxHaHPhGqqNrEeTk0/ji502tl8m/Hm/oETz8CH0xSxpU5gyg+tG0FqOQY3WOvmPz61LGiGv4spGlz3Hxd8HXEnd3rk560YzaAPlbwB3bBjbPs1GCAYK5qkDOO7a1WhfdEMBDbtZeqY1JpMSSMovpUojps3qLwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)
Targets
-
-
Target
368b791d4fb7342d10d298e4445aa624.dll
-
Size
199KB
-
MD5
368b791d4fb7342d10d298e4445aa624
-
SHA1
288ea4542bb8b758c0b13d54deb36b00c287f032
-
SHA256
557772effd7149653c391055a2bd4d12eb2588255fbb0b66112958554e6579ff
-
SHA512
486368d60e0d49906d55d7b8101b2df7ea791e4644cefb1d9c2618ab78bf9db717fbc0cbcfa7d5585102b25467224ea29765c3cf002cabd72ae814370de7eac1
Score9/10-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-