General
-
Target
6582852515430400.zip
-
Size
194KB
-
Sample
220121-t71naaacd3
-
MD5
51a6e9c85ad559e03df159989567d0d1
-
SHA1
e77c110bcb4e5d5e7f56601e964cc5dd33c2d981
-
SHA256
8ffec06f2b7c60bfef1b0c8d3f227b7222ea1ba2f623d18406680db5e08b9211
-
SHA512
dfc132990cf7c3bcc8ecd880447cf23fb9e36864ac7241f4ca24c4fb6022041011a8bbbca52a03c74e0a72c4c9167b85e8001501f300dd8ec057f287087ae348
Static task
static1
Behavioral task
behavioral1
Sample
02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
0
http://shemsut.com:80/access/
-
access_type
512
-
host
shemsut.com,/access/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
880
-
port_number
80
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEjBm6bwxp80Ms1hN+mZREU9XEUJmDuJQeZhuznp9TYDmGsgqwaDMsI7YExD1rZ5eSa1YOC33Lwc6KJyNQ2X9a80oTRfdAVFAhYvvOC2/0WWnIlzeqMA+7l6gQFxb7ipe+oBm/bAizBPxVkJl/mpZXi32EdVTVZ/miqdmHCxh+lwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.382016e+08
-
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/radio/xmlrpc/v35
-
user_agent
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)
-
watermark
0
Targets
-
-
Target
02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1
-
Size
220KB
-
MD5
d5a716126c1c964849c6b57d9b0fdc86
-
SHA1
426e890d6bca1ef5cb7918daa2652cd73beb6e67
-
SHA256
02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1
-
SHA512
6c41239d64dbd75a7eeba0abfe39e0b096d5ecf53a807bdadfe065d8419df2c2957c768f730f06c006f02d898e80de769b1b07e0c20fac360d4ed7332c23684b
Score 10/10