General
-
Target
cs.exe
-
Size
221KB
-
Sample
210926-kzprdaeefm
-
MD5
edb5c2ad1bfd4570b360a68dd8ee9527
-
SHA1
ef4134dce94a6cf9239e41ad5ad9256225fa7fd8
-
SHA256
62a1353464b1687476a6d648161e8f9af6c6d26c7ebee0cbb3b0eacb8e5a9fc4
-
SHA512
72f02188a05df09d141ac8b0c6b2417056fecdfea6071ff6a5b509b0dceccbb55d0c7eb6f5ebec3e1a35143d7366e4c49ab10e05812d8e7017c015ff71e89ae2
Static task
static1
Behavioral task
behavioral1
Sample
cs.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
cs.exe
Resource
win10-en-20210920
Malware Config
Extracted
cobaltstrike
1580103824
http://wsus-link.global.ssl.fastly.net:443/Arrange/v4.12/1GJUQQEHI2
-
access_type
512
-
beacon_type
2048
-
host
wsus-link.global.ssl.fastly.net,/Arrange/v4.12/1GJUQQEHI2
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9216
-
polling_time
60
-
port_number
443
-
sc_process32
%windir%\syswow64\dns-sd.exe
-
sc_process64
%windir%\sysnative\systray.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCabMKMHSasD+SZAoJfzeBpBa/eQoNP5J0epVRD9EEdpPrAupyQh8WbHUGYTlnsCsKjrO8jeJ/ckpKNR3Ew6BWqUU+rexy7ersmsDbB+g3aC1NZF3H/G1NQtPue0ZmaHeHrWi9kN7J+RIIe+v7HnKOXvDXqtEOn2n4yttW1Qy788QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.0444672e+08
-
unknown2
AAAABAAAAAEAAAOOAAAAAgAAA44AAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Test/v9.99/3LW02LFOQWP
-
user_agent
Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
-
watermark
1580103824
Targets
-
-
Target
cs.exe
-
Size
221KB
-
MD5
edb5c2ad1bfd4570b360a68dd8ee9527
-
SHA1
ef4134dce94a6cf9239e41ad5ad9256225fa7fd8
-
SHA256
62a1353464b1687476a6d648161e8f9af6c6d26c7ebee0cbb3b0eacb8e5a9fc4
-
SHA512
72f02188a05df09d141ac8b0c6b2417056fecdfea6071ff6a5b509b0dceccbb55d0c7eb6f5ebec3e1a35143d7366e4c49ab10e05812d8e7017c015ff71e89ae2
Score: 10/10