General
-
Target
beacon.bin
-
Size
203KB
-
Sample
220401-xc174sbfhk
-
MD5
c7a4ff6b89e267e81f68647c5f941895
-
SHA1
ef949d895259c2d541ed7001d66c1151808bd46f
-
SHA256
87a666af5422e0f30dc1ab9d137bc678b76a2a5610c34437f040419d494aef85
-
SHA512
83c4db0741dc2caf46e5fb13dcb0c6073affd395d7826769dcdc769dfd65452f93ab98a2ddffe65de06a0a365804bf1a23119d87a5161f882f737a99b4a174a8
Static task
static1
Behavioral task
behavioral1
Sample
beacon.dll
Resource
win10-20220331-en
Behavioral task
behavioral2
Sample
beacon.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
cobaltstrike
1359593325
http://5.199.162.220:80/ki
-
access_type
512
-
host
5.199.162.220,/ki
-
http_header1
AAAAEAAAABlIb3N0OiBtaWtyb3NvZnR1cGRhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0LUVuY29kaW5nOiBicgAAAAoAAAAlQWNjZXB0LUxhbmd1YWdlOiBlbi1HQjtxPTAuOSwgKjtxPTAuNwAAAAcAAAAAAAAACAAAAAMAAAACAAAAA2x1PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABlIb3N0OiBtaWtyb3NvZnR1cGRhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAMAAAADAAAAAgAAAAZmbGFzaD0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
64485
-
port_number
80
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.1158912e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/us
-
user_agent
Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202
-
watermark
1359593325
Targets
-
-
Target
beacon.bin
-
Size
203KB
-
MD5
c7a4ff6b89e267e81f68647c5f941895
-
SHA1
ef949d895259c2d541ed7001d66c1151808bd46f
-
SHA256
87a666af5422e0f30dc1ab9d137bc678b76a2a5610c34437f040419d494aef85
-
SHA512
83c4db0741dc2caf46e5fb13dcb0c6073affd395d7826769dcdc769dfd65452f93ab98a2ddffe65de06a0a365804bf1a23119d87a5161f882f737a99b4a174a8
Score1/10 -