General
-
Target
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25
-
Size
256KB
-
Sample
220317-yamglsehcj
-
MD5
dba3ac4ca6c6a943b97a2a702d0a723e
-
SHA1
d13b2d52b14ddd1cfccb738135e4194ef87ccb64
-
SHA256
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25
-
SHA512
406dd2b430b36458f7af7520d692744a62950857ee5fb0be6905f60ef1b6384ae1365d5d7557f95036cbf364abaf23afb0216f2f8cb6ce6a5b918d5454d2ef6c
Static task
static1
Behavioral task
behavioral1
Sample
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25.dll
Resource
win10v2004-20220310-en
Malware Config
Extracted
cobaltstrike
1359593325
http://motivationalhindi.in:443/
-
access_type
512
-
beacon_type
2048
-
host
motivationalhindi.in,/
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMTF4eGhhNm55dzA5eS5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTUwOTc4ODY2Ny4wNDgyODI4ODA3LjU5NTkzMzc1MDAuNzY3MzgxNjc2NS42NTY2Mjk2NzE2LjU7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD05NjIyNDY4NjQ3AAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
970
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCU4Ej/+fRXXgiM8iqMXk/7EEinbIwxij/jzyInJQ4haz7k4G41C1+BI2TpaZASSkYRM9iPBzE6Estft99g/Vy/PTlz3hOW1CdtyMWzZB5Jnni46nhc95YDqTzsbnaoNCIjLbl1sQFr7fCmfKZ8deqUpeVhLpK5//ytPWxsGYp6hwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.382016e+08
-
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/radio/xmlrpc/v35
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64)
-
watermark
1359593325
Targets
-
-
Target
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25
-
Size
256KB
-
MD5
dba3ac4ca6c6a943b97a2a702d0a723e
-
SHA1
d13b2d52b14ddd1cfccb738135e4194ef87ccb64
-
SHA256
23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25
-
SHA512
406dd2b430b36458f7af7520d692744a62950857ee5fb0be6905f60ef1b6384ae1365d5d7557f95036cbf364abaf23afb0216f2f8cb6ce6a5b918d5454d2ef6c
Score 3/10