General
-
Target
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e
-
Size
255KB
-
Sample
220316-ng9klsdad8
-
MD5
929466ab5eda5a2c6d30a8b93fc68481
-
SHA1
54fb08e84452b13a17faf10a6871c70856dcdb5d
-
SHA256
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e
-
SHA512
05c79c86cb904ab944a2f6eb670e57966448995885ab358477a6df8d43a22cecc580677cb1021ed715d562c407b46d2fae22ea1139f45a2f69cb4fc8cd2406a2
Static task
static1
Behavioral task
behavioral1
Sample
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e.dll
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e.dll
Resource
win10v2004-20220310-en
Malware Config
Extracted
cobaltstrike
1359593325
http://193.149.161.252:80/search/
-
access_type
512
-
host
193.149.161.252,/search/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
30
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh820pYPoch49cV8DLddzH1V9IoUz4D1BssZz7MNqANCj6W+YXdvtm7RHnnnxHEJ38w5/Ly6HkGqd6ePoZVc7k5re7sIhYV6RsZtiOn2NBSE/VJbmuhxWmzLWef6xllZyWc0cslbdWphtnzULACcy2R4NAwhFUrOZg/tYYFc7QPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.261748736e+09
-
unknown2
AAAABAAAAAEAAANbAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/Search/
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
-
watermark
1359593325
Targets
-
-
Target
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e
-
Size
255KB
-
MD5
929466ab5eda5a2c6d30a8b93fc68481
-
SHA1
54fb08e84452b13a17faf10a6871c70856dcdb5d
-
SHA256
3e5e0cb1d456992fa5f9b9a3a2b69f2b449f8a19804768d2d899dcf3ca36fb7e
-
SHA512
05c79c86cb904ab944a2f6eb670e57966448995885ab358477a6df8d43a22cecc580677cb1021ed715d562c407b46d2fae22ea1139f45a2f69cb4fc8cd2406a2
Score 1/10