General
-
Target
asdfgh.ps
-
Size
193KB
-
Sample
211126-mpjhqabhbm
-
MD5
f9279a34baa5c3563096e9455a3e7be0
-
SHA1
52556ead53f70cfa566cb735a3e31d2d2dfeea2c
-
SHA256
6b58cfc97235c7e05efb6a826ae50614e3392caa778e9bfcb59056f36ae0e7b1
-
SHA512
a9687b93ec56c7a5b85f874626bf9c86d6b942c7b30f9209f267fc036d8b155f66538e90f20e29b6634576af41fb3fcf668d967f0a4201a99078e7515d5fd54e
Static task
static1
Behavioral task
behavioral1
Sample
asdfgh.ps.ps1
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
asdfgh.ps.ps1
Resource
win10-en-20211104
Malware Config
Extracted
cobaltstrike
1359593325
http://46.166.161.68:80/mobile-ipad-home
-
access_type
512
-
host
46.166.161.68,/mobile-ipad-home
-
http_header1
AAAAEAAAABlIb3N0OiBjaXNjb3ZwbnVwZGF0ZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAPQWNjZXB0OiBpbWFnZS8qAAAACgAAABNBY2NlcHQtRW5jb2Rpbmc6IGJyAAAABwAAAAAAAAADAAAAAwAAAAIAAAAYd3Bfd29vY29tbWVyY2Vfc2Vzc2lvbl89AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABlIb3N0OiBjaXNjb3ZwbnVwZGF0ZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAA8AAAADAAAAAgAAAAdlZGl0b3I9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
64274
-
port_number
80
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ur
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
1359593325
Targets
-
-
Target
asdfgh.ps
-
Size
193KB
-
MD5
f9279a34baa5c3563096e9455a3e7be0
-
SHA1
52556ead53f70cfa566cb735a3e31d2d2dfeea2c
-
SHA256
6b58cfc97235c7e05efb6a826ae50614e3392caa778e9bfcb59056f36ae0e7b1
-
SHA512
a9687b93ec56c7a5b85f874626bf9c86d6b942c7b30f9209f267fc036d8b155f66538e90f20e29b6634576af41fb3fcf668d967f0a4201a99078e7515d5fd54e
Score10/10-
Blocklisted process makes network request
-