General
-
Target
67b0000.dll
-
Size
208KB
-
Sample
220111-jkm4kafdam
-
MD5
e999467bfc36d775dcad4207f56993f1
-
SHA1
b7524bb1d488ed011f80342dbf83f941f5cb5650
-
SHA256
d1c9a2298a195bd31a14e0c4a777bf045f5f0d2edbbfd2aa151db3d08c017b6f
-
SHA512
ddbcd210e7b548cb2a2a2816fdc7a0efe1059a42be19a244903b2f764150a7ca7d90f55158be057e67f4db625c79c76f2ae0b7de58053accbaa32ee2b13b1eb6
Static task
static1
Behavioral task
behavioral1
Sample
67b0000.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
67b0000.dll
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
1359593325
http://midcitylanews.com:443/news/update/aaa
-
access_type
512
-
beacon_type
2048
-
host
midcitylanews.com,/news/update/aaa
-
http_header1
AAAACgAAABdDb250ZW50LVR5cGU6IHRleHQvaHRtbAAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAAB3YxLjU0NzIAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
7680
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvg7ZMKuOy4b6zWQZu+OPtbyHRJvw2SFM1xPY8rgejFcFyo5c0JZTdjIsn1/P29ZHyiCMAuyxMFk9UWg3sWeZKknb1v6+NFQcMLyYjctXQuOnpEVJ17M2T+iOkUvMoBwBdWaNEPTDbJS8M+NIGXgkYR60ozQfEMWwIICwK89i+wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/form/sent/ppw
-
user_agent
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
67b0000.dll
-
Size
208KB
-
MD5
e999467bfc36d775dcad4207f56993f1
-
SHA1
b7524bb1d488ed011f80342dbf83f941f5cb5650
-
SHA256
d1c9a2298a195bd31a14e0c4a777bf045f5f0d2edbbfd2aa151db3d08c017b6f
-
SHA512
ddbcd210e7b548cb2a2a2816fdc7a0efe1059a42be19a244903b2f764150a7ca7d90f55158be057e67f4db625c79c76f2ae0b7de58053accbaa32ee2b13b1eb6
Score 3/10