General
-
Target
HyperLinkDemo.exe
-
Size
952KB
-
Sample
210215-bxqvbbebtn
-
MD5
593f93498ed4563985e10ebbe80d657e
-
SHA1
7a76a16b1355da1e594e5a6cad2db28ab68c02cf
-
SHA256
cf9f6a9389651599d4dd42b160643841cc1602b4dc4065ce4fbceaec0d8656d1
-
SHA512
50c93d2a3f17ed56318b204b43c49af0b9f86057fb7649ed7a02196e2349a6ccfd728fb8adab67b32af8a5b366a630a07cc9a9b6010a7a93e8a1c5391232f6b5
Static task
static1
Behavioral task
behavioral1
Sample
HyperLinkDemo.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
HyperLinkDemo.exe
Resource
win10v20201028
Malware Config
Extracted
cobaltstrike
http://topother.com:443/admin
(C2 URL reconstructed from the extracted beacon config: host topother.com, port 443, GET URI /admin. The scheme is shown as http:// although the port is 443 — whether the beacon actually speaks TLS is determined by the beacon_type value below, so confirm before writing network detections on plaintext HTTP.)
-
access_type
512
-
beacon_type
2048
-
host
topother.com,/admin
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
10496 (note: Cobalt Strike jitter is a percentage in the 0–99 range, so a value this large is likely a raw or mis-decoded field rather than the effective jitter — verify with a second config parser before using it to model beacon timing)
-
polling_time
55030
-
port_number
443
-
sc_process32 (presumably the 32-bit "spawnto" sacrificial process used for post-exploitation jobs — confirm against the parser's field mapping)
%windir%\syswow64\regsvr32.exe
-
sc_process64 (presumably the 64-bit "spawnto" sacrificial process — confirm as above)
%windir%\sysnative\regsvr32.exe
-
state_machine (base64 of a DER-encoded RSA public key, zero-padded to the field width; the leading bytes match a standard SubjectPublicKeyInfo header. This key is a useful pivot — samples sharing it were likely generated by the same team server.)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeiunXEnsXFofwaNPXBB2LDEFCgt+TyBd4oRWC9zFX1OUYgS94SloQQUBYMkz1BAPvqlU7/AA6UTyDUrcyoaWp7r+j8QYnvY6K6T5B0M1el1aEL8KqOiPkrSgs3MzekU22hbK1xDWxNvszHXc/F5U39/30kLg01iiJ7irjrpes4QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ee
-
user_agent (note: the beacon presents an iPhone/iOS Safari User-Agent while running on the Windows 7 / Windows 10 sandbox hosts above — a mobile UA originating from a Windows endpoint is an easy proxy/egress detection opportunity)
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
Targets
-
-
Target
HyperLinkDemo.exe
-
Size
952KB
-
MD5
593f93498ed4563985e10ebbe80d657e
-
SHA1
7a76a16b1355da1e594e5a6cad2db28ab68c02cf
-
SHA256
cf9f6a9389651599d4dd42b160643841cc1602b4dc4065ce4fbceaec0d8656d1
-
SHA512
50c93d2a3f17ed56318b204b43c49af0b9f86057fb7649ed7a02196e2349a6ccfd728fb8adab67b32af8a5b366a630a07cc9a9b6010a7a93e8a1c5391232f6b5
Score: 10/10
Dave packer
Detects an executable packed with the community packer known as "Dave", identified by a marker string at the end of the file. This is a packer signature only; the malicious verdict here rests on the extracted Cobalt Strike beacon configuration above.
-