General
-
Target
ε ³δΊι’ζ£ιͺη§ζ£ιͺθ§θηζζ°θ°ζ΄.zip
-
Size
83KB
-
Sample
220427-d3l2bsgfa5
-
MD5
709b6637380f6ac0dffb5ca75316adbc
-
SHA1
13a33868a4225ac06514d38fa1ff3dc3fc680c44
-
SHA256
0147862a5fa89fb5ef5364a9feabbcdd75e9b92f591699be40d6038169c23204
-
SHA512
a571fd5a28a5af5df600f2e896a01744a5996f7a4ead610b2dc771443de8229314be230de7b82c37622f4c44739cb2b2f914f2c5347f9727b7b57f10af77a2e3
Static task
static1
Behavioral task
behavioral1
Sample
ε ³δΊι’ζ£ιͺη§ζ£ιͺθ§θηζζ°θ°ζ΄.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ε ³δΊι’ζ£ιͺη§ζ£ιͺθ§θηζζ°θ°ζ΄.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1
http://123.60.18.108:30443/api/groovy
http://dns1.azureedge.net:443/api/groovy
-
access_type
512
-
beacon_type
2048
-
host
123.60.18.108,/api/groovy
-
http_header1
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
3000
-
port_number
30443
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3b39SnP1TTYFQKz0qNc+NrRuTaNRPDW8cnWXbaeiyCev7TcCKvHttZh8HlISzuRnsL6drAE577XZ6KzcA4UG/KBbpw2ca/+qxH5RGSeaM2WmTXULt4/a0qVI8vq9MOJ04dJJ9zLl7KBBhb6WtJMS/NHS/VF12XsNVc6XDhI043wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.700074752e+09
-
unknown2
AAAABAAAAAEAAAAIAAAAAgAAAAUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/package
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
-
watermark
1
Targets
-
-
Target
ε ³δΊι’ζ£ιͺη§ζ£ιͺθ§θηζζ°θ°ζ΄.exe
-
Size
144KB
-
MD5
62c85007c27a163f00fdfdb82bb95b7a
-
SHA1
47438c43b13b6ffb518d1343c7fb74cf46e86f1d
-
SHA256
281f7edc9ed294b8a1589b8377edc747aaa6ebdaf173dadc96e12c77e7a7a4b3
-
SHA512
77a7659847a8ae0f5f2515adcdfe229fe48e860e53bb4896e15d0ab38388412ef906b755f443bb94d89032f47ef3c81ced2c240334c2c07d234b9c8db8d8bd6c
Score 10/10