General
-
Target
a46084e10c7c0f4e0d35085c3e44dcda05c9b877f4eaaebfc3f39ff80e599e12
-
Size
415KB
-
Sample
220629-cbkthsffg6
-
MD5
44645486e8aad6ecff54a6ba8193eb29
-
SHA1
83a79043eba95fe27cc125d51950920c0632f1f2
-
SHA256
a46084e10c7c0f4e0d35085c3e44dcda05c9b877f4eaaebfc3f39ff80e599e12
-
SHA512
12bd10d7f13ab23ed5bc1c0304b1e56f8ed2a5d7b7811f056eba3b14d5a0194ccf710e978e92dc090dc0f194b4ed408aa201eb66a25a4a7f3712b9851ccd74a6
Static task
static1
Behavioral task
behavioral1
Sample
项目信息/WzComAddrBook64.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
项目信息/WzComAddrBook64.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
项目信息/项目信息.docx.exe
Resource
win7-20220414-en
Malware Config
Extracted
cobaltstrike
305419896
http://42.249.219.112:443/push
http://117.139.142.248:443/__utm.gif
http://58.221.30.69:443/dot.gif
-
access_type
512
-
beacon_type
2048
-
host
42.249.219.112,/push,117.139.142.248,/__utm.gif,58.221.30.69,/dot.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCm6dDNosecwYifTVCVelinAuAlJwa3XU3XMOkS290iPmPmofjMd/+EOcoCE8d7xvj4mNtcSWHspfOAMs/dTabxOJDIqvrJQHVNimp3j1kB36AU92BokpBAlZ+i5NrOaQE1XC3RV2dU2e1PewC+QwIOsCvU7ljzvySxMN1oHGi0DQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)
-
watermark
305419896
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
项目信息/WzComAddrBook64.dll
-
Size
95KB
-
MD5
c8fa7eb79170457445f7c130d6684d3b
-
SHA1
1fdd87d319219d64ed4ceba7c9d8162021c422d3
-
SHA256
89a63d3e1693b0e567f54933193e862dfa49dbd989dfdb06a87f60a9e9a4945f
-
SHA512
3815799c30e2a933827308280a11b410c1fad94bdb1027804bba512d96a70be04bbf9a7df8e41e80c91f77a2313e924e1521bf8f0e02a1023898e1b33bef3b19
Score 1/10 -
-
-
Target
项目信息/项目信息.docx.exe
-
Size
1.4MB
-
MD5
30f2444fe84adfbf39c60bb0c8e6d7d1
-
SHA1
3ec347b49517b1d165a3797db9816f78652e8988
-
SHA256
288084c0dc8bd71f5a09bda594f4f2f6f18271eca4fa459dcfc771a19dd46a25
-
SHA512
0b33a9cf6c820025bb61c7cf103e24a54c2a6326cd0f54cbc41d110e6be5e2a35b6348886964165b38f688c7f7d7a2a54cd410d784a46ec2619e32c28a210855
-
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-