General
-
Target
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1
-
Size
199KB
-
Sample
220703-kqk2tsegb3
-
MD5
4fe2b62d9b3ea999aef94d5cfc8158f1
-
SHA1
eaa0e61560812a432287667e81eeb8070edfc830
-
SHA256
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1
-
SHA512
47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193
Static task
static1
Behavioral task
behavioral1
Sample
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
0
http://37.252.15.241:80/match
-
crypto_scheme
256
-
host
37.252.15.241,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmyW6bqevjWW6DZ6+3cuzxxXBe/IOO5SymlXvl9rws8PkzeMLyzwmJ2JccNm3Z1aOCMeOnht3A5gXbRI+GX7UyXWRxkliGOdBfRW7Oa0Q5CGAxmy2f1WzbbbvEA29nz+EfIlDFmr0h8dfyyrCnsrhjtLpEcGY9HeENppg1VNdLkwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)
-
watermark
0
Targets
-
-
Target
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1
-
Size
199KB
-
MD5
4fe2b62d9b3ea999aef94d5cfc8158f1
-
SHA1
eaa0e61560812a432287667e81eeb8070edfc830
-
SHA256
3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1
-
SHA512
47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193
Score
3/10