General
-
Target
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd
-
Size
202KB
-
Sample
220708-az85xaagbn
-
MD5
573d3bd76d7081d9d3157418c3ef93de
-
SHA1
65d892e0b5c17cc5f61edd7ae8fa9b8cf6b8b2e1
-
SHA256
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd
-
SHA512
9b895748f35abca711e5aa24637e06faf228ad8e67e0e964fb438f1007471c6b5bdf6b072d98d4ff071b5cd580a44798279e558fd5284822467bd51d45a55a7b
Static task
static1
Behavioral task
behavioral1
Sample
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
0
http://188.166.165.121:4466/j.ad
-
access_type
512
-
create_remote_thread
256
-
crypto_scheme
256
-
host
188.166.165.121,/j.ad
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
60000
-
port_number
4466
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUH/WNn/6j6dXvguc9max1t3WmTc31pC23CvBLYfB5rto3DY1b4Afzi0QHgasdNmZJ35cdAvm5nOynqCVaWp9Zl5ItbBYRxOIOaFIPZV0cQTpLc9LH9RXmKuvvEXO+tXrRvJy7iQBpOtHOMYA7n2FLvlB5PapvQ7IH1QxKLN53AQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
-
watermark
0
Targets
-
-
Target
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd
-
Size
202KB
-
MD5
573d3bd76d7081d9d3157418c3ef93de
-
SHA1
65d892e0b5c17cc5f61edd7ae8fa9b8cf6b8b2e1
-
SHA256
42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd
-
SHA512
9b895748f35abca711e5aa24637e06faf228ad8e67e0e964fb438f1007471c6b5bdf6b072d98d4ff071b5cd580a44798279e558fd5284822467bd51d45a55a7b
Score 3/10