General
-
Target
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01
-
Size
1.5MB
-
Sample
220420-tmvljaghg2
-
MD5
9b16f5b48c3cb39f41052d557b86803b
-
SHA1
a5c125c2783d19af707a3b848d461f01c9cc65d4
-
SHA256
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01
-
SHA512
4af99dd69d3e2ec3dc49155994a3fd00ee6305656aa21baedce51c6dc3cec110a99e2f05a56613d03d9a495b15f97eb893a18c7bc210db04932e963821ce2d55
Static task
static1
Behavioral task
behavioral1
Sample
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1873433027
http://39.97.118.130:6666/match
-
access_type
512
-
host
39.97.118.130,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
6666
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBiQE/xOBcg+FAwn8rcVU1ghqb2ESpQIHnTFYhQhs22ivyoBEwsNs7pdUwf9remGc4wmg/DzAp7E6MA/h+Zhu/bNK1QvpoMrxmaYWC7Anfp5Z5XjmGeP+5++/Dx58X9ttvM2hN+GdWoVd7p/GFP3mf4zVW2/TT99/mpO6bcRtPoQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; LBBROWSER)
-
watermark
1873433027
Targets
-
-
Target
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01
-
Size
1.5MB
-
MD5
9b16f5b48c3cb39f41052d557b86803b
-
SHA1
a5c125c2783d19af707a3b848d461f01c9cc65d4
-
SHA256
ae31ab2f96f9b35857a88e8e8c44822d54d9ee0211e46d57a3c0794aa3546d01
-
SHA512
4af99dd69d3e2ec3dc49155994a3fd00ee6305656aa21baedce51c6dc3cec110a99e2f05a56613d03d9a495b15f97eb893a18c7bc210db04932e963821ce2d55
Score10/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-