General
Target: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a
Size: 21KB
Sample: 210428-78616vx4hn
MD5: e87db96cd174302eb50197838cd0e600
SHA1: 42a56aeb563dbd3ca10e1b3e5470d2214ddd44de
SHA256: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a
SHA512: 45084a5c9d796465dc9775d1d55d2f232e164a24fb0e5adc601ca4766974ef6c06a0b55e87b85d70bdc0efe38b1095e94e4d73291828c345a3d54766760b1ce4
Static task: static1
Behavioral task: behavioral1
  Sample: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a.dll
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a.dll
  Resource: win10v20210410
Malware Config
Extracted: metasploit
  windows/download_exec
  http://194.15.112.119:443/wp/clients/windows10.0-kb4487020-x64_c24ea4717e559b13e5.cab
Extracted: cobaltstrike
  1580103814
  http://asureupdate.tech:443/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef
  http://194.15.112.119:443/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef
  access_type: 512
  beacon_type: 2048
  host: asureupdate.tech,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef,194.15.112.119,/c/msdownload/update/2018/04/lp_2b2fe45d38601f8ee9f0fef
  http_header1: AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAMAAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_header2: AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAUAAAAJdXBkYXRlX2lkAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_method1: GET
  http_method2: POST
  jitter: 14080
  polling_time: 55423
  port_number: 443
  sc_process32: %windir%\syswow64\mstsc.exe
  sc_process64: %windir%\sysnative\mstsc.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIxFQoQgA1ohF/81E6jHydAStU+7n2UivmZIExLW/w7Tai+MVSyk7estr+klSjl5LnH+0IgKXxOfogBOSTboCS88piP2vEqCJQ0tDzFxZuukZd5aTTxhLseQI1V2uWrc9iyfETt6Rtkqj40JmCrh2+RJTSBezpd7vmhy+Sf0ePJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 4096
  unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /c/msdownload/update/2019/05/lp_2b2fe45d38601f8ee9f0fef
  user_agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.0
  watermark: 1580103814
Targets
Target: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a
Size: 21KB
MD5: e87db96cd174302eb50197838cd0e600
SHA1: 42a56aeb563dbd3ca10e1b3e5470d2214ddd44de
SHA256: 0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a
SHA512: 45084a5c9d796465dc9775d1d55d2f232e164a24fb0e5adc601ca4766974ef6c06a0b55e87b85d70bdc0efe38b1095e94e4d73291828c345a3d54766760b1ce4
Score: 10/10
Signatures:
  MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  Blocklisted process makes network request