General
-
Target
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76
-
Size
255KB
-
Sample
220724-vtp53acbe7
-
MD5
8c90f4e68b516806faa0104270fe7513
-
SHA1
9e329c096f90dbc479c8f2d581fcd7e761f3c6a2
-
SHA256
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76
-
SHA512
778ad7fd3b1f2e74c5c09ccb31dd9f2e6f19b56816a9450003ca86a79db92b4897ad4b461745ee5acfa99697055fced3fa210666c4b2b6e05370a26f34a49912
Behavioral task
behavioral1
Sample
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76.dll
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76.dll
Resource
win10v2004-20220722-en
Malware Config
Extracted
cobaltstrike
1359593325
http://c.virscan.xyz:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
host
c.virscan.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAATSG9zdDogYy52aXJzY2FuLnh5egAAAAcAAAAAAAAAAwAAAAIAAAAOc2Vzc2lvbi10b2tlbj0AAAACAAAADHNraW49bm9za2luOwAAAAEAAAAsY3NtLWhpdD1zLTI0S1UxMUJCODJSWlNZR0ozQkRLfDE0MTk4OTkwMTI5OTYAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
12800
-
polling_time
15000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ7WqVmEJN5gRavgc4zEF2G8IObXw+bAGK5maCfugp1qxeadATwY9emd2E5gtGXzwcxo712CRjDQmnCe9jVY10h0KxhlPzFziR+XqTnFgYT2A9+t75VWeLc68HcMACxJrYH7QBkT3b0woODjXeXmJoGJT/wQ0eUUxTPwIVHyqRuwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/N4215/adj/MS.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
1359593325
Targets
-
-
Target
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76
-
Size
255KB
-
MD5
8c90f4e68b516806faa0104270fe7513
-
SHA1
9e329c096f90dbc479c8f2d581fcd7e761f3c6a2
-
SHA256
57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76
-
SHA512
778ad7fd3b1f2e74c5c09ccb31dd9f2e6f19b56816a9450003ca86a79db92b4897ad4b461745ee5acfa99697055fced3fa210666c4b2b6e05370a26f34a49912
Score 3/10