Analysis

Max time kernel: 151s
Max time network: 172s
Platform: windows7_x64
Resource: win7-en-20211208
Submitted: 08-02-2022 22:07

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: gwui.dll
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: gwui.dll
  Resource: win10v2004-en-20220112

General

Target: gwui.dll
Size: 211KB
MD5: ac581207ef80437a961f2ada3a47d763
SHA1: 62964395bbc5fbee65dac62e0233ce8377674b2c
SHA256: b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
SHA512: e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2

Malware Config

Extracted: cobaltstrike
C2 URL: http://foxofeli.com:443/image-directory/dhl.jpg
user_agent: Host: weibo.com Connection: close Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Signatures

Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.