General
-
Target
dump.bin
-
Size
256KB
-
Sample
220113-xemgqscah2
-
MD5
59485df65989f03f5db83d66ae2675ed
-
SHA1
71676f2e3bba74fc422c470069ae4c326e68bfa0
-
SHA256
bc241456138abd744752e035000a6f581d975e5af3c3b92e56f380a31c9e19a1
-
SHA512
b5719ac113e54c549e97743f772208b31ff8c6859be78dd899e52f4d6829150201d98139789b385b52e012feb951c3acb3e517eb9578f85944069b7a27e17ce4
Static task
static1
Behavioral task
behavioral1
Sample
dump.bin.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
dump.bin.dll
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
86281208
http://69.49.229.88:443/MQEw
-
access_type
512
-
beacon_type
2048
-
host
69.49.229.88,/MQEw
-
http_header1
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
-
http_header2
AAAACgAAACVVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJIC8xMC4wAAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVxdWVzdAAAAAcAAAAAAAAABgAAAARFdGFnAAAABwAAAAEAAAAPAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
8960
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGbP7Icq4IQIXkDR933AXP13+jzWO3NmXoZRRIF1ypnXlSt/sE1f/URw82z5tlblHu9dgfE8fYNvWh9isWHx5UXpBsB1e58MQXQHzRHOIdUUkDb0p7N45SBzL4hqOC2I79SLfBzsycA4JJ7XPt47vCVpbx1QtgVwv4CiHgIu61rwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.711296e+07
-
unknown2
AAAABAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ocsp4
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
-
watermark
86281208
Targets
-
-
Target
dump.bin
-
Size
256KB
-
MD5
59485df65989f03f5db83d66ae2675ed
-
SHA1
71676f2e3bba74fc422c470069ae4c326e68bfa0
-
SHA256
bc241456138abd744752e035000a6f581d975e5af3c3b92e56f380a31c9e19a1
-
SHA512
b5719ac113e54c549e97743f772208b31ff8c6859be78dd899e52f4d6829150201d98139789b385b52e012feb951c3acb3e517eb9578f85944069b7a27e17ce4
Score 1/10 -