General
-
Target
4ca3e59975efade9742cd840d23cdb493d89a63d4ce891d7cc415cf293a79198
-
Size
407KB
-
Sample
220704-kpfqqafgfk
-
MD5
d056738d80ed5236e9af768fe2e42ad6
-
SHA1
4af460ca2104d3faccfb2d4b165c37aa1981f4ca
-
SHA256
4ca3e59975efade9742cd840d23cdb493d89a63d4ce891d7cc415cf293a79198
-
SHA512
46a30b35d2c9f6a2b8b65eb26b2596537c8709295c93a493b8428fef7fada2e27b7f68078021cde9b30f7fe0e4221335a4463ebb4dbf1daf94fb4c1c4e07b028
Static task
static1
Behavioral task
behavioral1
Sample
4ca3e59975efade9742cd840d23cdb493d89a63d4ce891d7cc415cf293a79198.exe
Resource
win7-20220414-en
Malware Config
Extracted
cobaltstrike
1
http://114.115.141.15:4431/pixel.gif
-
access_type
512
-
beacon_type
2048
-
host
114.115.141.15,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
4431
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTLfX+qitQykhzTnzJhFWMqaXM4QuHos2PacE6/BePejucSQ6l0mgBiGyt3nVX0MuvbDiqPqH6Gy1i3XD2EM835AgdVoBQQE0+xFyGIyT+o9+hQgwhlJiuSmh2sPHUZxCSfbqd0/TLHnusTjF0yM5FBTDPOB/wN4jn2+K1aASFLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
-
watermark
1
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
4ca3e59975efade9742cd840d23cdb493d89a63d4ce891d7cc415cf293a79198
-
Size
407KB
-
MD5
d056738d80ed5236e9af768fe2e42ad6
-
SHA1
4af460ca2104d3faccfb2d4b165c37aa1981f4ca
-
SHA256
4ca3e59975efade9742cd840d23cdb493d89a63d4ce891d7cc415cf293a79198
-
SHA512
46a30b35d2c9f6a2b8b65eb26b2596537c8709295c93a493b8428fef7fada2e27b7f68078021cde9b30f7fe0e4221335a4463ebb4dbf1daf94fb4c1c4e07b028
-
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-
suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
-