General
-
Target
87766b03bd60f023941fc02d8dc5c292136bc5e6e0805cac765929f45e61b90d
-
Size
2.1MB
-
Sample
210722-44gz8jk9y6
-
MD5
8d92d0894c3af0058365264f87117f93
-
SHA1
7461ee6f37a82d477fed0b2ccf422b40b931d81f
-
SHA256
87766b03bd60f023941fc02d8dc5c292136bc5e6e0805cac765929f45e61b90d
-
SHA512
419b0942409a3b9188587659ab4d43513c60fcb4f8ff14d977ae44f3b84fd680dcaf86a1a629c1784f6661240c0bbca51e84393773d75572941b77b496079065
Malware Config
Extracted
cobaltstrike
305419776
http://juniper-firmware.com:757/Forums
-
access_type
512
-
beacon_type
2048
-
host
juniper-firmware.com,/Forums
-
http_header1
AAAAEAAAABpIb3N0OiBqdW5pcGVyLWZpcm13YXJlLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tVVMAAAAHAAAAAAAAAAsAAAADAAAAAgAAACt3b3JkcHJlc3NfZWQxZjYxN2JiZDZjMDA0Y2MwOWUwNDZmM2MxYjcxNDg9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABpIb3N0OiBqdW5pcGVyLWZpcm13YXJlLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAAPAAAAAwAAAAIAAAAEbmlkPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
62865
-
port_number
757
-
sc_process32
%windir%\syswow64\WUAUCLT.exe
-
sc_process64
%windir%\sysnative\WUAUCLT.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5FZ8YTALyQMSGZc5Vfxil5f/Ku7QINtaLISbnqjNzojjsQA7WYlRTv2Y7z9QNHHq0iZPFsJo8rdvq7YRwJwlasO0+6Spc/K0QrF4jehlulPhlayBJAQJaAkmIVJt9U2yYlXF2goMxgACErQSCoQI2yRumYtKOPWEIpzYbM0WshwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.44480256e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/lv
-
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
305419776
Targets
-
-
Target
87766b03bd60f023941fc02d8dc5c292136bc5e6e0805cac765929f45e61b90d
-
Size
2.1MB
-
MD5
8d92d0894c3af0058365264f87117f93
-
SHA1
7461ee6f37a82d477fed0b2ccf422b40b931d81f
-
SHA256
87766b03bd60f023941fc02d8dc5c292136bc5e6e0805cac765929f45e61b90d
-
SHA512
419b0942409a3b9188587659ab4d43513c60fcb4f8ff14d977ae44f3b84fd680dcaf86a1a629c1784f6661240c0bbca51e84393773d75572941b77b496079065
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-