General
-
Target
LawyerCustomerComplaint.exe
-
Size
671KB
-
Sample
210211-epse3jscqs
-
MD5
60772f2f4ba787c019ff29dc9c747381
-
SHA1
98d4e1c4ae2e19da51f4543cb2cff51a4a7f2b3e
-
SHA256
7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f
-
SHA512
93c38dd200d3bbac351e0e2debaa8f5468be12c07e4a3f0c518b8c91a1977e60791669b1c86fa67a748fd91e4a02029f6a83ee419a1875236646999a4b3beee4
Static task
static1
Behavioral task
behavioral1
Sample
LawyerCustomerComplaint.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
LawyerCustomerComplaint.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://fast1arrival.com:443/sq
-
access_type
512
-
beacon_type
2048
-
host
fast1arrival.com,/sq
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAABwAAAAAAAAAIAAAAAwAAAAIAAAAWd29vY29tbWVyY2VfY2FydF9oYXNoPQAAAAYAAAAGQ29va2llAAAACQAAAAlsaWQ9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAANAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
56249
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCF+q5cK4mfZa5R15DDfWC2PdZQHPNer+r8EseYI073nub+m1v0OArtntbBxfFHkj+3BfMkhLjUKa0beD9PWt8DUs6q3TyZHsmZEHZ/WMoKNJCEufCl1v6PGw+SJavUx+W0G7Vs1eHAQGnoogs/4+2E5tfUnKntDe5QrTV5osCsVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ab
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Targets
-
-
Target
LawyerCustomerComplaint.exe
-
Size
671KB
-
MD5
60772f2f4ba787c019ff29dc9c747381
-
SHA1
98d4e1c4ae2e19da51f4543cb2cff51a4a7f2b3e
-
SHA256
7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f
-
SHA512
93c38dd200d3bbac351e0e2debaa8f5468be12c07e4a3f0c518b8c91a1977e60791669b1c86fa67a748fd91e4a02029f6a83ee419a1875236646999a4b3beee4
Score10/10-
Dave packer
Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
-