General
-
Target
20220124svchost.zip
-
Size
4.2MB
-
Sample
220125-k2p5xscfek
-
MD5
73e10501b54e3ed8024f4882ef5f3cff
-
SHA1
08372e11394b25eedbb84f3cc3fd915d0be5ad14
-
SHA256
f01f5fb0137d71bbaa7e2762e6e92d9b8fdb56d16b60c332b7e0a897c6205f31
-
SHA512
781c39a32409261bdcefebc50b18f7c52549751835839216cb2e03727a6bc05ca4cfcd34e4dfa58f1dbbf2b08025092d244b4ca81bb2a6e30c38b051ef66e52f
Static task
static1
Behavioral task
behavioral1
Sample
20220124svchost/dllhost.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
20220124svchost/dllhost.exe
Resource
win10-en-20211208
Behavioral task
behavioral3
Sample
20220124svchost/host.exe
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
20220124svchost/host.exe
Resource
win10-en-20211208
Behavioral task
behavioral5
Sample
20220124svchost/svchost.exe
Resource
win7-en-20211208
Behavioral task
behavioral6
Sample
20220124svchost/svchost.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
http://dash.139pro.com:8880/w/static/js/app.clf44eeb.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: dash.139pro.com Referer: http://www.bing.com/ Accept-Encoding: deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Extracted
cobaltstrike
999999
http://dash.139pro.com:8880/w/static/js/chunk-vendors.811798f9.js
-
access_type
512
-
host
dash.139pro.com,/w/static/js/chunk-vendors.811798f9.js
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAVSG9zdDogZGFzaC4xMzlwcm8uY29tAAAACgAAAB1SZWZlcmVyOiBodHRwOi8vd3d3LmJpbmcuY29tLwAAAAoAAAAYQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAABJzZW5zb3JzX3N0YXlfdGltZT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
1000
-
port_number
8880
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsaux/wtu42BOnD2ggcEwMY95Evz5CW0fQx0ahyfR8HW/DflLHIQ4ewNdq3O0uHj71HDIrT6ChacHhvuDqvs1UD5IxDN8Auubbj3cWEkYrA6iS2wBL6O5uSwelCcOa0+ckWFDTP9ISLCyE5U+hBAj32r4+41KjlyyKZTCfYcog5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.633293568e+09
-
unknown2
AAAABAAAAAEAAAIlAAAAAgAAAFQAAAACAAACjQAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/w/static/js/chunk-vendors.811798f9.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
-
watermark
999999
Targets
-
-
Target
20220124svchost/dllhost.exe
-
Size
18KB
-
MD5
9361355721f51e3a25df53702d10e9de
-
SHA1
635d234b72f097105153a8d24080826e404f9273
-
SHA256
1128499ac255bb11f25cd617f766b15f65f9eab1e0a531200c3878e80c96e41e
-
SHA512
a73f73d07d8333eff54aef32e12709511b12afb5012affaa00e7276e6a3284ecaba4a27c90a619fbf92478d5080e5d05ea0007597d0204fddf4b9554ef5004c5
Score 1/10
-
-
Target
20220124svchost/host.exe
-
Size
7KB
-
MD5
4b7b09158efe990aeae84bffd3495a06
-
SHA1
4d5a9a49b22815f344c90e04d8f3536bea29d501
-
SHA256
ef9fe61878d9d6ef602dedf8bad61927b8a754886c4923119572117141a87227
-
SHA512
90c9bd74c843bcfa0749509ffe0a647ed93318734bed8e68379037ffe84c4200854fd42bd726c8e214f15e1094abcb6cb818c14562bc717a15bcba08a0714d84
Score 10/10
-
-
Target
20220124svchost/svchost.exe
-
Size
4.3MB
-
MD5
0f13dd7af36816e7af4cfc1d478313f6
-
SHA1
c7a80ace11e6ed13c9e7d2362ff0a3a21d11400d
-
SHA256
a7b3052896fde162f15e38f0df0dd1535bc75a9b98d907ee9b4b8ed32c759df0
-
SHA512
219ec2cc2fab0456755750eea73d9a1e426925fd89c6da6c185c6dabbce28668506f73cef40733152faffc14f25686cd5042610ad79dd0a15b40bb19973b4231
Score 1/10