General
-
Target
d4b64e363b4b26f82ca61f3890329c9f0978820f4107eb3d95309bc9adbfd280.zip
-
Size
681KB
-
Sample
210925-vkzm5sdff4
-
MD5
bfe053ccc50f9e42b15d1c501b123f27
-
SHA1
5aa6ba1292de36291710e2400045f29c0344dac4
-
SHA256
56704aa3d43bf93be5a31b1bbcef67684e476c3527fcfb84c5aae34c671e2434
-
SHA512
2e5dea51cf772634b832b4a938930f0f9953ce22fc9ee3d55691871feaea2792aa7f64b6ea3932803802a62ecdba38be005fe899791f21a34fa43ffdbb54b2e3
Static task
static1
Behavioral task
behavioral1
Sample
d4b64e363b4b26f82ca61f3890329c9f0978820f4107eb3d95309bc9adbfd280.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
d4b64e363b4b26f82ca61f3890329c9f0978820f4107eb3d95309bc9adbfd280.exe
Resource
win10-en-20210920
Malware Config
Extracted
cobaltstrike
426352781
http://adsense.servehttp.com:8080/jquery-3.3.1.min.js
-
access_type
512
-
host
adsense.servehttp.com,/jquery-3.3.1.min.js
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
8080
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq35ojbTVKO7QpHjyZt542/EKkN3+NH1/ZNMvGImzWLY36vdrR7NW2Hks705gVQwmXk94UGWuuTUybjFCXigC1OaROHcMd/D8213F8sMn5uFE9YDxSGhPfjpAjpcFSNsGwtBCDkFI9t3lsJa1Gk5MO5DKC8GcIHJze/RkCKCR/5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
426352781
Targets
-
-
Target
d4b64e363b4b26f82ca61f3890329c9f0978820f4107eb3d95309bc9adbfd280.exe
-
Size
2.4MB
-
MD5
62b3f2c6e198d43403ca9ef0b63565f1
-
SHA1
fc8105698955688c59697fa2fc5ec35fefcc15e2
-
SHA256
d4b64e363b4b26f82ca61f3890329c9f0978820f4107eb3d95309bc9adbfd280
-
SHA512
034fc1b6a1d8c885a6ecbfbc13e5aa0e0cdd104e15d28702a264bf8a392af6660c0775cdb25865830b877a40b0d014b044db8f312954f276ee4923440d7ca92f
Score 10/10