General
-
Target
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
-
Size
206KB
-
Sample
220707-17hwssgbd6
-
MD5
43a245f94f479a1b5d6e6f3fa4c71e1a
-
SHA1
5e0118c611d2907e0232e0549c33845a8251e9df
-
SHA256
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
-
SHA512
2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868
Static task
static1
Behavioral task
behavioral1
Sample
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
0
http://159.75.31.97:80/match
-
access_type
512
-
host
159.75.31.97,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCosUQTWwQrV6HKIEj14MYkuYNSkz1TymcAP5fow2OYmGdLdKTelAbgX4VniirBO2U+erT635Tncdl7ou4Nvlh2vlAlXwBATglK7Lw+07KGrIH5smoeJt8sA2PUhZ5j1MF40A4yKHhfh+SGI+ZLqgYkuI+Mlp/Qvk8OAJ7cEH3lCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
-
watermark
0
Targets
-
-
Target
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
-
Size
206KB
-
MD5
43a245f94f479a1b5d6e6f3fa4c71e1a
-
SHA1
5e0118c611d2907e0232e0549c33845a8251e9df
-
SHA256
b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
-
SHA512
2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868
Score3/10 -