General
-
Target
1.ps1
-
Size
342KB
-
Sample
210727-qv2xqg2mnj
-
MD5
59e827239f2392b954d985c77c9d5835
-
SHA1
9cee71df4d3b630c13b105aa2a93ed26d49db908
-
SHA256
0748c90ba4f1fcf603134cd9f98aafad3298d4fb859b189cfdf0523f63aa85bf
-
SHA512
15bd39e114f6b5041c5dd820a0b1b8cc02b4f72d4f5b6c0754a1fa511cb79707973114d5ba0bb4f25b8db1168769cc57b512e487f24af3126ba3e2bdd5f10a7d
Static task
static1
Behavioral task
behavioral1
Sample
1.ps1
Resource
win7v20210410
Behavioral task
behavioral2
Sample
1.ps1
Resource
win10v20210408
Malware Config
Extracted
cobaltstrike
305419776
http://amibios-updater.com:757/logo
-
access_type
512
-
beacon_type
2048
-
host
amibios-updater.com,/logo
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
59185
-
port_number
757
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD8r8FL1Z+2Dj11n8yfOovicCp/feIgiC3nJ4Wf4jTO8RS457mP3KLeIXrWcaP7EXlyOsS4OOVB1ao/jXlyE4NBFuYd6teyBcasiMEmZQM7HA40xBHUlYdX2C6C6AlXwt6Y1x/MSjAqOoNfRpEOWiqCoWLdnbCDAWaCBCW4E/JtKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/temp
-
user_agent
Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
305419776
Targets
Target
1.ps1
-
Size
342KB
-
MD5
59e827239f2392b954d985c77c9d5835
-
SHA1
9cee71df4d3b630c13b105aa2a93ed26d49db908
-
SHA256
0748c90ba4f1fcf603134cd9f98aafad3298d4fb859b189cfdf0523f63aa85bf
-
SHA512
15bd39e114f6b5041c5dd820a0b1b8cc02b4f72d4f5b6c0754a1fa511cb79707973114d5ba0bb4f25b8db1168769cc57b512e487f24af3126ba3e2bdd5f10a7d
Score 10/10
Blocklisted process makes network request