General
-
Target
6213413531451392.zip
-
Size
276KB
-
Sample
210916-vzqc1sgfgj
-
MD5
ce35d6cfe336071637c1261aabf5fd30
-
SHA1
e31b96a0f76f1f3976f2e969a2071a69b715e03b
-
SHA256
4f0d8356cbba546e9fc481ddd7e87613f4b7b56dfe406ddf7b6aa347764862c0
-
SHA512
274ac87e7bd061e94fd1c3cb0e9d8b6ab7870323c3a4a97969862e5d1d825819e2d11848e9f958cf6a051a2356ea07612e840adcf318387e2a1dffd922fc099a
Static task
static1
Behavioral task
behavioral1
Sample
de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564.exe
Resource
win10v20210408
Malware Config
Extracted
cobaltstrike
1359593325
http://firstaholic.com:443/ce
-
access_type
512
-
beacon_type
2048
-
host
firstaholic.com,/ce
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
62650
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine (the value below is a base64, zero-padded DER SubjectPublicKeyInfo — its `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ` prefix is the rsaEncryption header of a 1024-bit RSA public key, i.e. the beacon's embedded public key rather than a state machine)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbKlbT/NYlU0ltRC19awBAkTkdlbPU13B/zDRLjD+Ll0JukJfOKn3v33UFeviJ+Zfkg2AcsK4Pymhe0FWXSO34YKaKpclTxZrtQ+rCn+S+adIR95K54JsDbjf3FyG1B6UbsV2Et458B+bIxojXZdlzFZ1otNel2pmAKdETER+ZKwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.10860288e+08 (the report prints this integer field in scientific notation; it is exactly 510860288)
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mg
-
user_agent (an iOS Safari UA string sent by a Windows PE running on the win7/win10 sandboxes — this OS/UA mismatch is a practical proxy or EDR detection pivot for this beacon's traffic)
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
1359593325
Targets
-
-
Target
de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564
-
Size
480KB
-
MD5
2e0ba547566c76a7555b3ab981cd1dd5
-
SHA1
7bb3f946581b397c8e8c8563a50353c9b284fe46
-
SHA256
de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564
-
SHA512
f9b8789164a1a6e2ae76423d11e86273a451349dc234e00b5253638f5e69bb772502a8fa2f592007fe87cd066225cd8416ec3090d7ad04143e8b2911d8ee9c9b
Score: 10/10