General
-
Target
E31B.dll
-
Size
381KB
-
Sample
211007-wdwtcadacn
-
MD5
275de0fa302b364194f5cccc02de4a6a
-
SHA1
aee64bec2f84252fc593c2b372086e03507497b5
-
SHA256
fa2f0b11ec2b3e84560a8a3d686343c7099f1fa5a1694d3c5c2562db662902e2
-
SHA512
f07ba9b200ae5a3888c68811f215f15019995b2a6379a2bb3f2e4f06138b45e42c6dfe1614579300439b09ee93c33f01e520dd7129cbc9c99d423ba03dc6481a
Static task
static1
Behavioral task
behavioral1
Sample
E31B.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
E31B.dll
Resource
win10-en-20210920
Malware Config
Extracted
cobaltstrike
1359593325
http://liveblm.com:443/jquery-3.3.1.min.js
-
access_type
512 (0x0200 — a small value ×256, the same pattern as beacon_type and jitter below; this looks like a byte-swapped read of 2 by the extractor, so confirm against a second config parser before treating it as authoritative)
-
beacon_type
2048 (0x0800 — if the 16-bit field was read with the wrong byte order this is 8, i.e. HTTPS, which is consistent with port_number 443; verify with a second parser)
-
host
liveblm.com,/jquery-3.3.1.min.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472 (Cobalt Strike jitter is a 0–99 percentage; 9472 = 0x2500, so this is most likely a byte-swapped 37 — confirm against the raw config bytes)
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine (label as emitted by the extractor; the value decodes to a DER SubjectPublicKeyInfo — a 1024-bit RSA public key, rsaEncryption OID — followed by zero padding; presumably the beacon's metadata-encryption key, so it is a usable pivot for clustering other beacons from the same team server)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs9SVtI04iVtcnsnZ9gxP0aVtFalMrsA/JSi3gE0ahbWhupC8iTfDZ25Lo5/WmWenLLTRx47DoeVmXaK5tMKRo+kb1YeFsLF7f4mDOOWI0z9cYnjZqJQQ5LZN4QKIhycMscs/6aPMC0c4EDVuru6jeWV0y85JbmKSGv+DiIUAYcQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4234810624 (rendered by the parser as the float 4.234810624e+09; the integer value is assumed exact — verify against the raw config before using it as an indicator)
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (presumably the HTTP POST path; the GET path /jquery-3.3.1.min.js is the one shown under host — the 3.3.1/3.3.2 pair is characteristic of the stock jQuery Malleable C2 profile that the Suricata rules below match on)
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
1359593325
Targets
-
-
Target
E31B.dll
-
Size
381KB
-
MD5
275de0fa302b364194f5cccc02de4a6a
-
SHA1
aee64bec2f84252fc593c2b372086e03507497b5
-
SHA256
fa2f0b11ec2b3e84560a8a3d686343c7099f1fa5a1694d3c5c2562db662902e2
-
SHA512
f07ba9b200ae5a3888c68811f215f15019995b2a6379a2bb3f2e4f06138b45e42c6dfe1614579300439b09ee93c33f01e520dd7129cbc9c99d423ba03dc6481a
Score: 10/10
-
suricata: ET MALWARE Cobalt Strike Beacon Activity (GET)
suricata: ET MALWARE Cobalt Strike Beacon Activity (GET)
-
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
-
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
-
Blocklisted process makes network request
-