General
-
Target
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655
-
Size
255KB
-
Sample
220316-qpj12aecb5
-
MD5
96c460c1e0249642a8f2bee9cc2fd0b6
-
SHA1
63c655a08c2c7ff9bf043ac8670564beaa0a7f1f
-
SHA256
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655
-
SHA512
ca65906c29bb0a9324960ae1fd464cceb148414590b7ff5edef836fe92db2678ca51050a9db9af0a67277e4621e8157763c2a446854cbed39c17b16c2719eb23
Static task
static1
Behavioral task
behavioral1
Sample
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655.dll
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655.dll
Resource
win10v2004-20220310-en
Malware Config
Extracted
cobaltstrike
1359593325
http://103.143.40.43:443/updates
-
access_type
512
-
beacon_type
2048
-
host
103.143.40.43,/updates
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHpIEDN6tkACIvuilbtbJCQ5IcGjzDii0smit3zjbjouDMteTGpYtyYdmjKGexmJwGpPTIDJEWqNq1raZCJAMRfrHUOeseRNJj6zvLrBZVVWkZ3sHSN301GkXP8sdFmQI83S903siTkAUOKLlQaPNzvSqIy4/jIFqLkk4ZMRxyfQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/aircanada/dark.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
1359593325
Targets
-
-
Target
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655
-
Size
255KB
-
MD5
96c460c1e0249642a8f2bee9cc2fd0b6
-
SHA1
63c655a08c2c7ff9bf043ac8670564beaa0a7f1f
-
SHA256
1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655
-
SHA512
ca65906c29bb0a9324960ae1fd464cceb148414590b7ff5edef836fe92db2678ca51050a9db9af0a67277e4621e8157763c2a446854cbed39c17b16c2719eb23
Score1/10 -