General
-
Target
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924
-
Size
255KB
-
Sample
220316-kpe47ahfgm
-
MD5
a8a8e42db1fd4025b93e3af67091955a
-
SHA1
b31bc86e37c01f6a4a2142782b352be790db9997
-
SHA256
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924
-
SHA512
1586e68931f3d6a8185125e25c461ccae503a1d50d9bdad450b542f3f88a9c227593d346bbc9a0b8fcd0252755814c7a7548a3434761028ad3b71dafed90597a
Static task
static1
Behavioral task
behavioral1
Sample
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
cobaltstrike
1359593325
http://178.128.233.247:80/pixel
-
access_type
512
-
host
178.128.233.247,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCathlj7Yqm5Vk7laxbZj/jqWYePtZfdwgw/Vu7GUsxNcztIv48wV7xBubDozf4lhMn3NqtqS2p3a5hKWm9+w8iGA0898/vBcwLud+v3wihM1ifO7Tz5TcTPIgXF6vrxnsKXbpJ5wxThT0OhpGNVLIgLPlsPzFQH8ge4pFBIRFcbQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)
-
watermark
1359593325
Targets
-
-
Target
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924
-
Size
255KB
-
MD5
a8a8e42db1fd4025b93e3af67091955a
-
SHA1
b31bc86e37c01f6a4a2142782b352be790db9997
-
SHA256
42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924
-
SHA512
1586e68931f3d6a8185125e25c461ccae503a1d50d9bdad450b542f3f88a9c227593d346bbc9a0b8fcd0252755814c7a7548a3434761028ad3b71dafed90597a
Score1/10 -