General
-
Target
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d
-
Size
260KB
-
Sample
220315-xmxmnsdber
-
MD5
ca400e87cc280855402a65d4b7fbd3dc
-
SHA1
2f8e409be5da2254863a68ecc39fba9bcade7fb1
-
SHA256
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d
-
SHA512
607d86694eb608192308d6fd8c8d44ef64e733891fab56d77bc9d9d2df8fe7792354e05dd109465dbe5b3e6d477031ff5546b6a96bc165389ee1b38643d0cc82
Static task
static1
Behavioral task
behavioral1
Sample
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d.dll
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d.dll
Resource
win10v2004-20220310-en
Malware Config
Extracted
cobaltstrike
1873433027
http://103.73.97.119:443/updates
-
access_type
512
-
beacon_type
2048
-
dns_idle
6.7373064e+07
-
host
103.73.97.119,/updates
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAZkZWJ1Zz0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAA3BpZAAAAAcAAAABAAAAAwAAAAIAAAAaJnR5cGU9MiZpZD13aW4mdWk9UEMmZGF0YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
maxdns
235
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcKS/9N/da0DTfieGSUwYvPbLYVW4E0T5EySJhN51Lp85zjd9tvqO/EMZJcsjmCWBc9boiP5tN+vbuiHuWLpH5IlvtXTg9eo3Z2lC18Gb14oRYMrL3OyX6edJ/dbbQx9vYGETlNfsur+5kDyXqTP7fBvNLz6TH11dn7bGN9Xk5wwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/debug/updcheck
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
1873433027
Targets
-
-
Target
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d
-
Size
260KB
-
MD5
ca400e87cc280855402a65d4b7fbd3dc
-
SHA1
2f8e409be5da2254863a68ecc39fba9bcade7fb1
-
SHA256
17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d
-
SHA512
607d86694eb608192308d6fd8c8d44ef64e733891fab56d77bc9d9d2df8fe7792354e05dd109465dbe5b3e6d477031ff5546b6a96bc165389ee1b38643d0cc82
Score 1/10 - (note: this low score does not reflect the Cobalt Strike beacon configuration extracted above; the C2 endpoint 103.73.97.119:443 and watermark 1873433027 should be treated as actionable indicators regardless of the score)