General
-
Target
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f
-
Size
833KB
-
Sample
220131-ersv6sfdf6
-
MD5
cb6991a10c698a7e632d3397a15a1355
-
SHA1
cdc62df36002885fd268f4ceabecb7ec007963b4
-
SHA256
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f
-
SHA512
07eb1a7cad56c7349bd8c895ccf720db2c27a93d0303ffaaaf56b15ac73606d3335a6169a8e4ea36c4f2ff7133664bf24027bff36a919037c56c4e511811162d
Behavioral task
behavioral1
Sample
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
Resource
win10-en-20211208
Malware Config
Extracted
cobaltstrike
0
http://mclightinggroup.com:443/assets/environment-f0a84e0c1.js
-
access_type
512
-
beacon_type
2048
-
host
mclightinggroup.com,/assets/environment-f0a84e0c1.js
-
http_header1
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
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAQX19DaHVua0F1dGhUb2tlbgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
25000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost1.exe
-
sc_process64
%windir%\sysnative\dllhost1.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClb9YN/Mm0G5C15pg8YXJjbOaNzDpbbtHQjkO4a7QyI5S8GBUo4wHC/t749hHX4V/y8HsoYowFgoaCmvt4klm6yW2DD9JIlzwd8g9mOjCbJVpmGABHAvfhMgEeY8FMteSyerUExVNxvh7Oj8kiAhWwSZZz8pRniaSkkVtPlLb3+wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.3969984e+09
-
unknown2
AAAABAAAAAEAAAAyAAAAAgAAACQAAAACAAAlGQAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/assets/chunk-vendor-4c69db4f.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
-
watermark
0
Targets
-
-
Target
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f
-
Size
833KB
-
MD5
cb6991a10c698a7e632d3397a15a1355
-
SHA1
cdc62df36002885fd268f4ceabecb7ec007963b4
-
SHA256
21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f
-
SHA512
07eb1a7cad56c7349bd8c895ccf720db2c27a93d0303ffaaaf56b15ac73606d3335a6169a8e4ea36c4f2ff7133664bf24027bff36a919037c56c4e511811162d
Score 10/10