General
-
Target
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7
-
Size
255KB
-
Sample
220315-xyzleaddan
-
MD5
72edf1999cccf5c1012c627685047e02
-
SHA1
8f43eeba2e67ed362794ae01a21c8b226087179e
-
SHA256
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7
-
SHA512
978c605313e51504faf3dd1848716e7a696853109b3d1f851a8b9e59c3db63038f3b6fe435d0bf214761dc1adfd349ff6f6d85b5ae2f7e92f803b71f30efe81c
Static task
static1
Behavioral task
behavioral1
Sample
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7.dll
Resource
win10v2004-20220310-en
Malware Config
Extracted
cobaltstrike
1359593325
http://178.32.98.80:80/dot.gif
-
access_type
512
-
host
178.32.98.80,/dot.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuVJ3ZKC8+fB0SwLXaPQ1yFejEVgHwPMTsKjGIPlIA1xheQMs4++377PuUa6svl56e2SCGwrxh8Q92vZ6CTcvKl3wPg6jg+3f+00Ruj+7RslHWuIBMUXq4D4TMKHGAFur6L6b4j86wPdBwr8VfKNCwYtZe4FfM5xao31yNneW4swIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
-
watermark
1359593325
Targets
-
-
Target
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7
-
Size
255KB
-
MD5
72edf1999cccf5c1012c627685047e02
-
SHA1
8f43eeba2e67ed362794ae01a21c8b226087179e
-
SHA256
17173823829b87f8bf29af2c46b296e6757899c7699fd6c49f73efa0979290e7
-
SHA512
978c605313e51504faf3dd1848716e7a696853109b3d1f851a8b9e59c3db63038f3b6fe435d0bf214761dc1adfd349ff6f6d85b5ae2f7e92f803b71f30efe81c
Score 1/10