General
-
Target
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354
-
Size
731KB
-
Sample
220712-lzk9madagn
-
MD5
ae97823e4bcf5dff2c36746ae666b249
-
SHA1
f5bfbc4978392f0fd595c4f45953902cea8ae8ec
-
SHA256
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354
-
SHA512
ede2030672adc5bca446e50948127cc21b62ed70a7be1f09f60aadc60c8e86f60c432266a0d658edac0f76851a5eb4ec9c7ca2e03cdd3d81ed28e8d9fde40413
Static task
static1
Behavioral task
behavioral1
Sample
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
305419896
http://balalaikabrasss.com:443/Content
-
access_type
512
-
beacon_type
2048
-
dns_idle
2.778920455e+09
-
dns_sleep
1.996488704e+09
-
host
balalaikabrasss.com,/Content
-
http_header1
AAAAEAAAABlIb3N0OiBiYWxhbGFpa2FicmFzc3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABNBY2NlcHQtRW5jb2Rpbmc6IGJyAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAFU1NJRD0AAAAGAAAABkNvb2tpZQAAAAkAAAAMbmV3bmFtZT10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAAEAAAABlIb3N0OiBiYWxhbGFpa2FicmFzc3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAABmFncmVlPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
247
-
polling_time
55063
-
port_number
443
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG1+V8zMTEc5v3K4FQCpQF3/J8/QqUI5g6L5lit9z+wNIeXn/Jn1fqEwGvHt0Hbf2u9Oluk3GeREfLWPfZQigPqwBC3a0rqBEdQg6dQNNlMGOl7AkUOdwohCmjlF+yP/a8sX0/dHPghUxB9jESaJsv2ZccXtr0HlIl/GM/tkGdewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ms
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
-
watermark
305419896
Targets
-
-
Target
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354
-
Size
731KB
-
MD5
ae97823e4bcf5dff2c36746ae666b249
-
SHA1
f5bfbc4978392f0fd595c4f45953902cea8ae8ec
-
SHA256
4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354
-
SHA512
ede2030672adc5bca446e50948127cc21b62ed70a7be1f09f60aadc60c8e86f60c432266a0d658edac0f76851a5eb4ec9c7ca2e03cdd3d81ed28e8d9fde40413
Score 10/10