General
-
Target
5926893401047040.zip
-
Size
276KB
-
Sample
220123-v551nagcf2
-
MD5
c8dc43af1500701e157d16d75a870232
-
SHA1
fefe2df7ae49c5529ab50c778757474b5a54016c
-
SHA256
a2c5bd12da8bad836398270b2bc9ff81c616654d5c8d24095ec867a8d5be5ba3
-
SHA512
58c65a4b8957afda1e1a32d133f90a38b775735dbc84fd83d6be68f411dd1ceff0091fb5244476e4a74e364f6092588c2f4011a6ebb5ab13a1ff5094082c3c8d
Static task
static1
Behavioral task
behavioral1
Sample
fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
666
http://catalantech.com:443/wp-content/condensed-soups/ (C2 URL as rendered by the extractor; the scheme is shown as http while port_number is 443 — pivot on the host:port pair and the URI path rather than the scheme)
-
access_type
512
-
beacon_type
2048 (0x0800 — reads as 8 in the opposite byte order; several short fields on this page appear byte-swapped, see jitter and dns_sleep — confirm with a second parser before using the raw value as a profile fingerprint)
-
dns_idle
6.7372036e+07 (= 67372036 = 0x04040404, i.e. the dotted-quad 4.4.4.4 rendered as a float by the extractor)
-
dns_sleep
8.1297408e+08 (= 812974080 = 0x30750000; byte-swapped this is 0x7530 = 30000, a plausible ms value — the extractor appears to have read this field in the wrong byte order)
-
host
catalantech.com,/wp-content/condensed-soups/
-
http_header1 (GET transaction template; the base64 below decodes to browser-like Accept, Accept-Language, Accept-Encoding and "Connection: keep-alive" headers, followed by transform steps that append the literal "/soup.gif" to the request URI — so GET requests look like /wp-content/condensed-soups/<encoded-data>/soup.gif)
AAAACgAAAF1BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAHAAAAAAAAAA8AAAANAAAAAQAAAAkvc291cC5naWYAAAAMAAAAAAAAAA==
-
http_header2 (POST transaction template; decodes to "Content-Type: application/json", "Connection: close", a request header named "Authentication" that appears to carry the session id, and a JSON body envelope {"image_url" : "http://memesmix.net/media/created/joowdj.jpg", "authdata" : "<encoded output>"} — memesmix.net is decoy text inside the body, not a C2 contact)
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAATXsiaW1hZ2VfdXJsIiA6ICJodHRwOi8vbWVtZXNtaXgubmV0L21lZGlhL2NyZWF0ZWQvam9vd2RqLmpwZyIsICJhdXRoZGF0YSIgOiAiAAAAAQAAAAIifQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
7680 (0x1E00 — reads as 30 in the opposite byte order, i.e. a 30% jitter, consistent with the byte-swap seen in dns_sleep)
-
maxdns
235
-
polling_time
60000
-
port_number
443
-
sc_process32 (spawnto for 32-bit post-exploitation jobs: the sacrificial process the beacon injects into; dfrgui.exe is a legitimate Windows Defragment UI binary, so dfrgui.exe making outbound HTTP(S) or being spawned by an unrelated parent is a strong detection hint)
%windir%\syswow64\dfrgui.exe
-
sc_process64 (spawnto for 64-bit jobs; the sysnative path is the WOW64-redirected way to reach the 64-bit system32\dfrgui.exe)
%windir%\sysnative\dfrgui.exe
-
state_machine (extractor's label; the value is a base64 DER SubjectPublicKeyInfo of a 1024-bit RSA key — the MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ prefix — presumably the team-server public key the beacon uses to protect its session metadata; it is a useful pivot because the same key implies the same team server)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLu1RvfMEgF+HjkFoq/QEjMZ54V+A3OYLzArN8ECJlssKlYTib8cnmMfOVrchAajavti/aQRo3gwWSLi9fhFkWRTkq7lgn6yzgpYAl9tNfkR96xBReIE1Vt6V9319g3FcnmfQF89aLp8Uk+hPADnjI1TCDqZ7EXldrDiOny6E8ewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.154317312e+09
-
unknown2
AAAABAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (http-post URI; the GET path is the one listed under host/http_header1)
/picture_upload/
-
user_agent (hard-coded Chrome OS / Chrome 88 string — unusual on a Windows host, so it is a good hunting pivot when combined with the URI patterns above)
Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
-
watermark (licence identifier embedded in the beacon; 666 is widely reported across unrelated intrusions using leaked/cracked builds, so it is not a reliable actor-attribution key on its own)
666
Extracted
cobaltstrike (second extraction result containing only watermark 0 — most likely a partial or duplicate match on the same sample rather than a second C2 configuration; do not report it as a separate beacon)
0
-
watermark
0
Targets
-
-
Target
fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8
-
Size
310KB
-
MD5
3be8e222b937f3c1090988c60dfb830f
-
SHA1
708fdc055e1b86076ba4342577c7dfc5aac6231e
-
SHA256
fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8
-
SHA512
bf762e59fa0bcae77363e9eff96fa2827467bb69c2efebef273df4d1c4fd4ca2a063b1fe6798abc89a6720d3c7bb8b92314b9b8ae01e1979c61033898462c159
Score: 10/10