General
-
Target
a88e83a8808d0978892705e0db49b784.exe.vir
-
Size
19KB
-
Sample
220108-p9bpqadad3
-
MD5
a88e83a8808d0978892705e0db49b784
-
SHA1
4f98927d80bc29e7dcc5db96ea772fc260084cf6
-
SHA256
6c737ddbc304760111281fc03f544a9fa7529f15c85241f57cfae9fce79c5856
-
SHA512
1d2da9c21c870e4b4e4cb66fadc14930868d9f0f83fcb318258b8aba99f5fb969ee2bbeab21df50e94d57e4fd1824357fec06631b65208f8b2326f57d6e2cf1c
Static task
static1
Behavioral task
behavioral1
Sample
a88e83a8808d0978892705e0db49b784.exe.vir.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
a88e83a8808d0978892705e0db49b784.exe.vir.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
http://www.fscoode.xyz:2083/dJeJ
-
user_agent
User-Agent: Mozilla/5.0 (Trident/7.0; LCJB; rv:11.0) Iike Gecko
Extracted
cobaltstrike
0
http://www.fscoode.xyz:2083/access/
-
access_type
512
-
beacon_type
2048
-
host
www.fscoode.xyz,/access/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
5376
-
polling_time
1000
-
port_number
2083
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbpXVpOkYGrwsZZkZJfk9eJ2rNap4IcIBRhWbvHtYFQGqn4wznr9nvbZsofxNRHuPEjC4Gouxd5h/c/TiROj9uKeeNcPEYtlSOFDmFw2QbJWxG02IC/Iu4GTNgT37h+cvgPU/MXFTu3VCC6Bv4iMzcebXCVogqbLzo32i1TZQ8vwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.4764032e+09
-
unknown2
AAAABAAAAAgAAAACAAAAEAAAAAIAAAAQAAAAAgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/radio/xmlrpc/v35
-
user_agent
Mozilla/5.0 (Trident/7.0; LCJB; rv:11.0) Iike Gecko
-
watermark
0
Targets
-
-
Target
a88e83a8808d0978892705e0db49b784.exe.vir
-
Size
19KB
-
MD5
a88e83a8808d0978892705e0db49b784
-
SHA1
4f98927d80bc29e7dcc5db96ea772fc260084cf6
-
SHA256
6c737ddbc304760111281fc03f544a9fa7529f15c85241f57cfae9fce79c5856
-
SHA512
1d2da9c21c870e4b4e4cb66fadc14930868d9f0f83fcb318258b8aba99f5fb969ee2bbeab21df50e94d57e4fd1824357fec06631b65208f8b2326f57d6e2cf1c
Score 10/10