General
-
Target
tmp/aaaaaa.exe
-
Size
281KB
-
Sample
211215-jk7szaghg7
-
MD5
36421fab22f3270267107d2a7e32aaba
-
SHA1
a072b4173f0d973543ab569b6d9266863323b6e5
-
SHA256
331a0a89638745b56514306e0a2eae542aecb4fb3a8220acd280e9c205dbff78
-
SHA512
67da15df22dd24836ee35ccdf84d71cfb3f3af3a68e191aa2ff0dc0f6bf62d82d309d7ca801992e96c1da426d8575a11df64fe1c044845f839ca9ccd1f2f7a99
Static task
static1
Behavioral task
behavioral1
Sample
tmp/aaaaaa.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
tmp/aaaaaa.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
1359593325
http://81.69.33.253:8065/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
host
81.69.33.253,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_header1
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
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAFUhvc3Q6IGFwaXMuYWxpeXVuLmNvbQAAAAkAAAAKc3o9MTYweDYwMAAAAAkAAAARb2U9b2U9SVNPLTg4NTktMTsAAAAHAAAAAAAAAAUAAAACc24AAAAJAAAABnM9MzcxNwAAAAkAAAAiZGNfcmVmPWh0dHAlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
5000
-
port_number
8065
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRsyWaf2BLhIC/WR1UrCDet1+BO7jNM47xgaOUd41zhsWulziUoNn2gzXj3UvK2qs/RlyKrj1v0FPSQCV79JgAa2i0r8LaZDAZPKi5xc0iuY4pFWOIMHGKFSXSg/5N2OUcXpPIdPQG/r0Za9726O9Y3Q2VhqgJ3k7GIzphLR9xgwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
1359593325
Targets
Target
tmp/aaaaaa.exe
-
Size
281KB
-
MD5
36421fab22f3270267107d2a7e32aaba
-
SHA1
a072b4173f0d973543ab569b6d9266863323b6e5
-
SHA256
331a0a89638745b56514306e0a2eae542aecb4fb3a8220acd280e9c205dbff78
-
SHA512
67da15df22dd24836ee35ccdf84d71cfb3f3af3a68e191aa2ff0dc0f6bf62d82d309d7ca801992e96c1da426d8575a11df64fe1c044845f839ca9ccd1f2f7a99
Score 10/10