General
-
Target
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259
-
Size
206KB
-
Sample
220707-xdytdafeak
-
MD5
f796e457e5926408cffebacc4dde86f0
-
SHA1
b2ea224436eb60d31cca905d505872b7453f5165
-
SHA256
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259
-
SHA512
ac70385988ba758d6295c329adcee7129f5d680b6a8afb8c6022e59fa81a509ce42d421ce1cff9c1ef734c6e8baaf78078892b7cf92e90eea86c77f0e76d6c39
Static task
static1
Behavioral task
behavioral1
Sample
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
0
http://31.44.184.33:80/g.pixel
-
access_type
512
-
crypto_scheme
256
-
host
31.44.184.33,/g.pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqNlV6ioUpgYu3uNpULCQrWsyJgxv/ykq8da/pg0rzJnKtj3Z04xCn/FJGj0rQkVmmo0fRP0szpDbyGvsM9eXyW16lUnsfvPgybHAqD+lpVClhVZpt6UqwyxCZ3RP9GVBdSxlVIag33+Kc4QYMkY/NnwPJ2BcMyDfVGOUDWKMD2wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)
-
watermark
0
Targets
-
-
Target
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259
-
Size
206KB
-
MD5
f796e457e5926408cffebacc4dde86f0
-
SHA1
b2ea224436eb60d31cca905d505872b7453f5165
-
SHA256
449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259
-
SHA512
ac70385988ba758d6295c329adcee7129f5d680b6a8afb8c6022e59fa81a509ce42d421ce1cff9c1ef734c6e8baaf78078892b7cf92e90eea86c77f0e76d6c39
Score3/10 -