General
-
Target
decoded-binary.bin
-
Size
203KB
-
Sample
210913-z35z4aede7
-
MD5
24c4ac2a54843e65377510618edfc173
-
SHA1
0969e21c478825a86d41c1662c1b90023fa9d72d
-
SHA256
70f77f0cbd2b951c08e33a2466237cf0f7204f3420f99350059ff4dcbb65f94f
-
SHA512
60646e4ac7a30cbfc9ce7b712df15bf9a5ca0b8602015e537db3d4150b968438c07bb3593dd7fbf3fb75d127671737a033838fb626e3df56fb209758f8752446
Static task
static1
Behavioral task
behavioral1
Sample
decoded-binary.bin.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
decoded-binary.bin.dll
Resource
win10-en
Malware Config
Extracted
cobaltstrike
1359593325
http://23.106.123.219:80/btn_bg.html
-
access_type
512
-
host
23.106.123.219,/btn_bg.html
-
http_header1
(value not preserved in this copy of the report)
-
http_header2 (base64 Malleable C2 header block; it decodes to length-prefixed strings "Host: micrasoftedgeupdater.com" (note the typosquat spelling), "Connection: close", "Accept-Language: en-GB;q=0.9, *;q=0.7", "Content-Type: application/x-www-form-urlencoded", plus the tokens "replace=", "__session__id=" and "Cookie", i.e. the session id appears to be carried in a Cookie header — verify against the raw config)
AAAAEAAAAB5Ib3N0OiBtaWNyYXNvZnRlZGdldXBkYXRlci5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAACVBY2NlcHQtTGFuZ3VhZ2U6IGVuLUdCO3E9MC45LCAqO3E9MC43AAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACwAAAAMAAAACAAAACHJlcGxhY2U9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
60996
-
port_number
80
-
sc_process32 (likely the 32-bit spawnto target for post-exploitation jobs; runonce.exe started by an unrelated parent with no arguments is a useful detection signal)
%windir%\syswow64\runonce.exe
-
sc_process64 (likely the 64-bit spawnto target; %windir%\sysnative resolves to System32 from a 32-bit process)
%windir%\sysnative\runonce.exe
-
state_machine (the value is a base64 DER SubjectPublicKeyInfo for a 1024-bit RSA key — the MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ… prefix — i.e. the beacon's C2 public key; the field name looks like an extractor mis-mapping rather than a state machine)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.1158912e+08 (integer value rendered in float notation by the extractor; approximately 611589120)
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/us
-
user_agent (an iOS Safari user agent sent from a Windows host, as in both behavioral tasks here, is a mismatch worth alerting on)
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark (Cobalt Strike licence watermark, also shown as the extracted config id above; useful for clustering samples from the same operator)
1359593325
Targets
-
-
Target
decoded-binary.bin
-
Size
203KB
-
MD5
24c4ac2a54843e65377510618edfc173
-
SHA1
0969e21c478825a86d41c1662c1b90023fa9d72d
-
SHA256
70f77f0cbd2b951c08e33a2466237cf0f7204f3420f99350059ff4dcbb65f94f
-
SHA512
60646e4ac7a30cbfc9ce7b712df15bf9a5ca0b8602015e537db3d4150b968438c07bb3593dd7fbf3fb75d127671737a033838fb626e3df56fb209758f8752446
Score: 1/10 (sandbox behavioral score only; a Cobalt Strike beacon configuration was extracted statically regardless of this score, so the low score should not be read as benign)