General
-
Target
asdfgh
-
Size
193KB
-
Sample
211019-r7qf7sghfl
-
MD5
7e1fdce1a506b0c19f231e4e55a5475a
-
SHA1
446bdbfbaaf7de20eb6be6db5ac4e038710a5188
-
SHA256
29c8c4ba356d546eecb0090fbc2f20047ae59dd9b8e8dd6f1165203823c89299
-
SHA512
992169d1ae7bca9b56712e31df15dad70c8dab28cff5efcff7c4b6989675e175e62e2e5ad06fb1df2e350fe6bc3b898a3d07e7bb7e240178f26b211a3467b250
Static task
static1
Behavioral task
behavioral1
Sample
asdfgh.ps1
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
asdfgh.ps1
Resource
win10-en-20211014
Malware Config
Extracted
cobaltstrike
1359593325
http://173.234.155.219:80/ml.html
-
access_type
512
-
host
173.234.155.219,/ml.html
-
http_header1
AAAAEAAAABlIb3N0OiBzb3Bob3NzZWN1cml0eXQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAcAAAAAAAAACAAAAAMAAAACAAAAK3dvcmRwcmVzc19lZDFmNjE3YmJkNmMwMDRjYzA5ZTA0NmYzYzFiNzE0OD0AAAAGAAAABkNvb2tpZQAAAAkAAAAOcHJvZmlsZXI9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABlIb3N0OiBzb3Bob3NzZWN1cml0eXQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAA8AAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
55633
-
port_number
80
-
sc_process32
%windir%\syswow64\WUAUCLT.exe
-
sc_process64
%windir%\sysnative\WUAUCLT.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/favicon
-
user_agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
1359593325
Targets
-
-
Target
asdfgh
-
Size
193KB
-
MD5
7e1fdce1a506b0c19f231e4e55a5475a
-
SHA1
446bdbfbaaf7de20eb6be6db5ac4e038710a5188
-
SHA256
29c8c4ba356d546eecb0090fbc2f20047ae59dd9b8e8dd6f1165203823c89299
-
SHA512
992169d1ae7bca9b56712e31df15dad70c8dab28cff5efcff7c4b6989675e175e62e2e5ad06fb1df2e350fe6bc3b898a3d07e7bb7e240178f26b211a3467b250
Score10/10-
Blocklisted process makes network request
-