General
-
Target
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
-
Size
256KB
-
Sample
220316-1mct2sfbej
-
MD5
52329b668417a9ae57d4b2c05f28ea2e
-
SHA1
a41bd964423ceb0cdd01913c8324a17ad60a8ffc
-
SHA256
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
-
SHA512
2f34095d7426780af20a7dcc3faee7551e899dd854500907abccb9ed46da9fdefb5f6d6b0a26c6de8843e30fca7f5ca24e1c3a3ebd812f56b7f1637d5f0a21cd
Static task
static1
Behavioral task
behavioral1
Sample
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
cobaltstrike
1
http://124.70.1.140:80/match
-
access_type
512
-
host
124.70.1.140,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTLTYGbQgqToXcc+pq6gVw5nVCzsIWm01YbfUOhKeiWMOVSoC2mD4RhBvhabmgrLNKrrXFX2dpT/bvv793xbWxE9+CqwUZbKhRC3OwknVpMPR9WuugoBwtPvBSz1MR6DaM74bKF23xO/FdYuiHU+uXSJFyPDIrr/Vcz+uQwAu82wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
-
watermark
1
Targets
-
-
Target
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
-
Size
256KB
-
MD5
52329b668417a9ae57d4b2c05f28ea2e
-
SHA1
a41bd964423ceb0cdd01913c8324a17ad60a8ffc
-
SHA256
21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
-
SHA512
2f34095d7426780af20a7dcc3faee7551e899dd854500907abccb9ed46da9fdefb5f6d6b0a26c6de8843e30fca7f5ca24e1c3a3ebd812f56b7f1637d5f0a21cd
Score 1/10 -