General
-
Target
tmp/934465db-23cb-4c1e-9dcf-953621e3d3a0_bypassav.exe
-
Size
6.8MB
-
Sample
211215-2cf96aafh4
-
MD5
569e38187f70271f61965efda2f37b7d
-
SHA1
9a4ec4f85ae1489e38fb1855761c9b23010788fb
-
SHA256
1ac1951c91a9dcc4db5c468a033a6dfa052fba60eb9a79ab3adb4a33b31e335e
-
SHA512
04a7d5cac5d6e99fa4a0908b11586f22b825f212445d9bd770cea0767491e413d4a298f9529483311e21596f1d5865bb2fb12086bd027746ad6247ed25470c10
Static task
static1
Behavioral task
behavioral1
Sample
tmp/934465db-23cb-4c1e-9dcf-953621e3d3a0_bypassav.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
tmp/934465db-23cb-4c1e-9dcf-953621e3d3a0_bypassav.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
http://103.239.103.17:8080/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
-
-
Target
tmp/934465db-23cb-4c1e-9dcf-953621e3d3a0_bypassav.exe
-
Size
6.8MB
-
MD5
569e38187f70271f61965efda2f37b7d
-
SHA1
9a4ec4f85ae1489e38fb1855761c9b23010788fb
-
SHA256
1ac1951c91a9dcc4db5c468a033a6dfa052fba60eb9a79ab3adb4a33b31e335e
-
SHA512
04a7d5cac5d6e99fa4a0908b11586f22b825f212445d9bd770cea0767491e413d4a298f9529483311e21596f1d5865bb2fb12086bd027746ad6247ed25470c10
Score10/10-
Loads dropped DLL
-