General
-
Target
ancoiq2.exe
-
Size
463KB
-
Sample
220105-vg2nbsahcj
-
MD5
d994e2fd303808d11b48f75d494ca8dd
-
SHA1
0068f47ce0e24d86ec4f717fc6def5f12c780153
-
SHA256
fff82d0ec3c87081fdd41eece5bf406fbe4543ad8888c64818efcb28777c81ae
-
SHA512
5bea32731119ee8b90ce563ece9956adac775c21844a1de2eb55c152a265fc675d4944b6ab3b728e380ec81eae73072644646c3bd0999a9d75ac24b30df83225
Static task
static1
Behavioral task
behavioral1
Sample
ancoiq2.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ancoiq2.exe
Resource
win10-en-20211208
Malware Config
Extracted (parsed automatically from the sample; treat the values below as the beacon's configured C2 settings)
cobaltstrike (Cobalt Strike beacon)
0
http://juniperengineer.com:778/cr.js
-
access_type
512
-
beacon_type
2048
-
host
juniperengineer.com,/cr.js
-
http_header1 (base64-encoded GET header transform; appears to decode to "Host: juniperengineer.com", "Connection: close" and a Cookie header carrying a "wordpress_…=" value, with metadata appended as "fname=true")
AAAAEAAAABlIb3N0OiBqdW5pcGVyZW5naW5lZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAADwAAAAMAAAACAAAAK3dvcmRwcmVzc181MjIzODU1OGU5MzBmMWVjNjk5ZTRmMTJhYjAxNWE0Zj0AAAAGAAAABkNvb2tpZQAAAAkAAAAKZm5hbWU9dHJ1ZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (base64-encoded POST header transform; appears to decode to "Host: juniperengineer.com", "Connection: close", "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", "Content-Type: text/plain" and a Cookie header prefixed "__session__id=")
AAAAEAAAABlIb3N0OiBqdW5pcGVyZW5naW5lZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAADAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
55131
-
port_number
778
-
sc_process32 (likely the 32-bit spawn-to process used for post-exploitation jobs — verify against the beacon profile)
%windir%\syswow64\runonce.exe
-
sc_process64 (likely the 64-bit spawn-to process used for post-exploitation jobs — verify against the beacon profile)
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCds2C2/+VG4gj/uvAACl/YQXdnjOEt7yzmsbIFr1xqoM3Yjs3KC5nO97M/up4mKTEPJbVRhSy3WR0l8G6AQ+FVMjL7x4ii9rG9UA85M9iJN7dYyNX/VtlBpUWTPDeTbcay9hp3mmFElyTxqtgJUhFvbnbsUUT+VNjKGrbjxRnCFQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.031085056e+09
-
unknown2
AAAABAAAAAIAAANxAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/br
-
user_agent (note: an iOS Safari user agent is emitted by a Windows executable — this OS/UA mismatch against the Win7/Win10 analysis hosts is a usable network-detection signal)
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
0
Targets
-
-
Target
ancoiq2.exe
-
Size
463KB
-
MD5
d994e2fd303808d11b48f75d494ca8dd
-
SHA1
0068f47ce0e24d86ec4f717fc6def5f12c780153
-
SHA256
fff82d0ec3c87081fdd41eece5bf406fbe4543ad8888c64818efcb28777c81ae
-
SHA512
5bea32731119ee8b90ce563ece9956adac775c21844a1de2eb55c152a265fc675d4944b6ab3b728e380ec81eae73072644646c3bd0999a9d75ac24b30df83225
Score: 10/10