General
-
Target
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081
-
Size
208KB
-
Sample
220316-mxaksacfg5
-
MD5
999e5303e472c93e4c9167f1026554a0
-
SHA1
aab1d63de76ed1ab198f85637e3ebb1232c4c9f2
-
SHA256
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081
-
SHA512
df2d72d5e8b1f24e1a7d705fedb71b34ff04939a12b895db7a551594441f0fbe64c4acd0469e69b375159a47764f824050656dccb1465a7f8eae763be290d7ec
Static task
static1
Behavioral task
behavioral1
Sample
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
cobaltstrike
1873433027
http://182.92.188.198:80/dot.gif
-
access_type
512
-
host
182.92.188.198,/dot.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtlvCbO9iHyvSy+csCK/Zq7QXyTU3N89E/J2twc7CWmjjLzNi9Z6J2BPZmKUf0Adm5C9aC0wMZwQvOTnTcYFia9MxBOIl1KqpPccvzppj1L/Rd3MPiCLYVQX9SZjHXiYjvzzm70z3pMiywEg1zHNjTjGlKYUXiIIhAcVrkiX6KsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
-
watermark
1873433027
Targets
-
-
Target
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081
-
Size
208KB
-
MD5
999e5303e472c93e4c9167f1026554a0
-
SHA1
aab1d63de76ed1ab198f85637e3ebb1232c4c9f2
-
SHA256
3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081
-
SHA512
df2d72d5e8b1f24e1a7d705fedb71b34ff04939a12b895db7a551594441f0fbe64c4acd0469e69b375159a47764f824050656dccb1465a7f8eae763be290d7ec
Score 1/10