General
-
Target
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50
-
Size
192KB
-
Sample
220122-ammq5sfafm
-
MD5
f8b6f46bcac857995a022c83c36e69f3
-
SHA1
450ee00fbeafc0c32a01e13efd82868f858f6efc
-
SHA256
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50
-
SHA512
e39a8e82f4097fc2b26ca1fa6229f187642c2733c13c62d25729003e5563cd5a0e1854e12c3d8e17e43529349be978443b9aa25966ccf0adfd0f5cbab5397c9b
Static task
static1
Behavioral task
behavioral1
Sample
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50.dll
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
0
http://clients.testproseld.com:80/cx
http://info.testproseld.com:80/en_US/all.js
http://login.testproseld.com:80/j.ad
http://pic.testproseld.com:80/ptj
-
beacon_type
256
-
host
clients.testproseld.com,/cx,info.testproseld.com,/en_US/all.js,login.testproseld.com,/j.ad,pic.testproseld.com,/ptj
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
80
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCR1Bx3K4z3UvrVePckU2cHSxuONkr2iCX8ACIc8DQXzAS4y05pKRaxxP2f5Wo0RjXFWsZZTZXKXl43imBFPD5UlLDxKSWaSvYwyDF+JacgHbYQ5W2nn0X4rS8zB7ntKNEy2WLDqPq6VcHoeYbcf3YGaki3VjHVWc5JF/XXDLxirQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
-
watermark
0
Targets
-
-
Target
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50
-
Size
192KB
-
MD5
f8b6f46bcac857995a022c83c36e69f3
-
SHA1
450ee00fbeafc0c32a01e13efd82868f858f6efc
-
SHA256
dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50
-
SHA512
e39a8e82f4097fc2b26ca1fa6229f187642c2733c13c62d25729003e5563cd5a0e1854e12c3d8e17e43529349be978443b9aa25966ccf0adfd0f5cbab5397c9b
Score 3/10