General
-
Target
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357
-
Size
203KB
-
Sample
220612-bnl2nsceg9
-
MD5
2389558f5f4a7593b7f9eb68e03db034
-
SHA1
88ddf573652d2e53a82a8de8bdd5acc0c6cac8fd
-
SHA256
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357
-
SHA512
862f1b40f08346f098743a38fd520abf9c87fba37356ff234c40b2cd3637c5b6bd505f6ed983a5145ed3c5af1b0d0fe8d39613861c14c4f741f159c8a0a8e214
Static task
static1
Behavioral task
behavioral1
Sample
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
1359593325
http://121.199.51.9:80/ca
-
access_type
512
-
host
121.199.51.9,/ca
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAYLpRxwT56DPopVuB0+RuGucnvWgMhl1UrM2PWkZITPtx+z9TscFtEgrNJ6phVdkkbzvv9F2N/6qh1vu0809k+SEs/cY8WD2VrByN/722l+ONu421hZNESrbnSVcQ2kd/gwSzerk/5xJeiahbTNHF3NSxj4upJle+efY0xf7eKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
-
watermark
1359593325
Targets
-
-
Target
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357
-
Size
203KB
-
MD5
2389558f5f4a7593b7f9eb68e03db034
-
SHA1
88ddf573652d2e53a82a8de8bdd5acc0c6cac8fd
-
SHA256
b9439b92bf5033352a263bbed07ef03ee4669ae651a08076808f9ba90fe54357
-
SHA512
862f1b40f08346f098743a38fd520abf9c87fba37356ff234c40b2cd3637c5b6bd505f6ed983a5145ed3c5af1b0d0fe8d39613861c14c4f741f159c8a0a8e214
Score 3/10