General
-
Target
cs.exe
-
Size
219KB
-
Sample
211005-ngklgshhhn
-
MD5
7c766b8bfaba529f3752255eebe5e9d2
-
SHA1
e877ff6dd108883a904742ce23ebd5e8e5151672
-
SHA256
e16f25682655887cfe2bbaf1634210b901fbc9a8c17ffc7bad06912dfe6e8010
-
SHA512
5ce71fff7292a3fc207a8beab57792fd04f8441cb2829f5b18be73b9a372799d57f50b17209633d7fb12cb90b0bdecd3c025c7c1018ef48150d0941b275b4324
Static task
static1
Behavioral task
behavioral1
Sample
cs.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
cs.exe
Resource
win10v20210408
Malware Config
Extracted
cobaltstrike
1359593325
http://pypi.python.org:443/questions/32251816/c-sharp-directives-compilation-error
-
access_type
512
-
beacon_type
2048
-
host
pypi.python.org,/questions/32251816/c-sharp-directives-compilation-error
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
GET
-
jitter
5632
-
polling_time
35000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAJ9HSCGpsUISIdcX9KSquGTBtNV2BM1E1rv+Ft+mdYImNxh8Nz4froDPf/4X+lKkxgW23GjBft5PITEy/oAJK/Q65fMN90V89aOXvFqTE43YBWaqDawPzPt6cDALvUtnULBWceckc0qo9kOwxn9N4aAi7RLBSP9beFe5VEP7yUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.445232896e+09
-
unknown2
AAAABAAAAAEAAAQ/AAAAAgAAABEAAAACAAAATgAAAAIAAAAHAAAAAgAAAHMAAAACAAAAXgAAAAIAAAABAAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/questions/32251817/c-sharp-directives-compilation-error
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
cs.exe
-
Size
219KB
-
MD5
7c766b8bfaba529f3752255eebe5e9d2
-
SHA1
e877ff6dd108883a904742ce23ebd5e8e5151672
-
SHA256
e16f25682655887cfe2bbaf1634210b901fbc9a8c17ffc7bad06912dfe6e8010
-
SHA512
5ce71fff7292a3fc207a8beab57792fd04f8441cb2829f5b18be73b9a372799d57f50b17209633d7fb12cb90b0bdecd3c025c7c1018ef48150d0941b275b4324
Score 10/10
suricata: ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
suricata: ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
-