General
-
Target
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889
-
Size
247KB
-
Sample
220316-nxwnpabdgq
-
MD5
8a7fbffb9f0898d8100dfb786f71112f
-
SHA1
1c64304b3ca926cfad8c6a23b591e1055d57fcfd
-
SHA256
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889
-
SHA512
99e5800547427c2b3d33905b8c1aa6f6f5df9066ae24c19d36a5588e0f75f9b6278cb64c1bbbccccdcd52a2d6a1027213044e34c1210ccefd781486104dc3353
Static task
static1
Behavioral task
behavioral1
Sample
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889.dll
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
cobaltstrike
1359593325
http://116.62.230.222:80/fwlink
-
access_type
512
-
host
116.62.230.222,/fwlink
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy6G8R0H+YW3z9L7piK5hnNG1Yl1+LxTa9s/lGIpB9gvmzF1p4QZBQIpQZmFPzwWzMuUX7/ST8UmdrMWRXMuaLxTe9HG/4g1MdofyzAzIxw8looeCcXXuyI89hJDYGG9qqqmK7NmH2YiflVEWHoFHawcVMeBjRDigxOuZyIPxS8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)
-
watermark
1359593325
Targets
-
-
Target
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889
-
Size
247KB
-
MD5
8a7fbffb9f0898d8100dfb786f71112f
-
SHA1
1c64304b3ca926cfad8c6a23b591e1055d57fcfd
-
SHA256
3dbccaffbbe4ef96ac7b5025b97ea50076a392ce1373ba8d529cca4efba74889
-
SHA512
99e5800547427c2b3d33905b8c1aa6f6f5df9066ae24c19d36a5588e0f75f9b6278cb64c1bbbccccdcd52a2d6a1027213044e34c1210ccefd781486104dc3353
Score1/10 -