General
-
Target
2021-09-13-decoded-script-from-23.106.123.219-adsgfsdfdfghdf.txt
-
Size
273KB
-
Sample
210913-z6dp1sheaj
-
MD5
3963abbca3932a7d1e2b77cef1f6d57e
-
SHA1
803bc9645482b0900168693194ee22a6c4195c82
-
SHA256
2234da3184d660707007c5d8db49d3a5a8af51e4b346606a4845d87decf330e3
-
SHA512
2ab3c10c02e56ae0e1828ba8e8ad615955e995aa5a8598e6e6ef9b7c9405d70d4c473c6e9fb790c15c1f664f48cf744dd647fa6c44c9888789529a224d07aa95
Static task
static1
Behavioral task
behavioral1
Sample
2021-09-13-decoded-script-from-23.106.123.219-adsgfsdfdfghdf.txt.ps1
Resource
win7-en
Behavioral task
behavioral2
Sample
2021-09-13-decoded-script-from-23.106.123.219-adsgfsdfdfghdf.txt.ps1
Resource
win10-en
Malware Config
Extracted
cobaltstrike
1359593325
http://23.106.123.219:80/btn_bg.html
-
access_type
512
-
host
23.106.123.219,/btn_bg.html
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
60996
-
port_number
80
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64 (spawnto — presumably the process beacon spawns for post-exploitation jobs; runonce.exe launched from a PowerShell parent with network activity is the observable to hunt for)
%windir%\sysnative\runonce.exe
-
state_machine (extractor label; the value is a base64 DER SubjectPublicKeyInfo — a 1024-bit RSA public key, zero-padded — i.e. the beacon's public key, not a state machine)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.1158912e+08 (floating-point rendering of an integer field, likely 611589120 — confirm against the raw config)
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (POST path, paired with http_method2; the GET path is /btn_bg.html in the host field above)
/us
-
user_agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
1359593325
Targets
-
-
Target
2021-09-13-decoded-script-from-23.106.123.219-adsgfsdfdfghdf.txt
-
Size
273KB
-
MD5
3963abbca3932a7d1e2b77cef1f6d57e
-
SHA1
803bc9645482b0900168693194ee22a6c4195c82
-
SHA256
2234da3184d660707007c5d8db49d3a5a8af51e4b346606a4845d87decf330e3
-
SHA512
2ab3c10c02e56ae0e1828ba8e8ad615955e995aa5a8598e6e6ef9b7c9405d70d4c473c6e9fb790c15c1f664f48cf744dd647fa6c44c9888789529a224d07aa95
Score 10/10
-
Blocklisted process makes network request
-