General
-
Target
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
-
Size
306KB
-
Sample
220819-j5wlfaddf8
-
MD5
19ee03c191cd16a5466e15099b318526
-
SHA1
23a232fc5d590c17b562c0970eab0b4097ee490b
-
SHA256
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
-
SHA512
261760526afc1d53f5bcd17e99abfec41d8f9723323b39860ec676328a27bc7938da82b0d92adf40a9442e0595804b6dddf71ca7bf9f0d3d35703cb44b174dfe
-
SSDEEP
6144:dfXiliZA5BRDSOmfaD3pJLDZZSWkf8Il6ZRhZ:tXK6OmfqHHbSWG8IlkbZ
Static task
static1
Behavioral task
behavioral1
Sample
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike
1359593325
http://fuckersss6al9.b0.aicdn.com:80/owa/
http://nm.aicdn.com:80/owa/
http://fuckersss6al9.b1.aicdn.com:80/owa/
-
access_type
512
-
host
fuckersss6al9.b0.aicdn.com,/owa/,nm.aicdn.com,/owa/,fuckersss6al9.b1.aicdn.com,/owa/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
GET
-
jitter
7680
-
polling_time
5000
-
port_number
80
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgwZtr5WmRWGqXa6bxdqQDUmj+XU+vA4zK2b7Nfzq4qy143458ufxXidOMjoSLVP3BqyJgWamd0KYY7Yt3bDmFbWashi7f+OYdWpDNixd5AvcGOOzQhShEZ/0Uz8CG/gc99swyssnxs0YBg9Hka4Wh0ufxO89KSApuLegLE5i1/QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.448416512e+09
-
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/OWA/
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
1359593325
Targets
-
-
Target
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
-
Size
306KB
-
MD5
19ee03c191cd16a5466e15099b318526
-
SHA1
23a232fc5d590c17b562c0970eab0b4097ee490b
-
SHA256
6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
-
SHA512
261760526afc1d53f5bcd17e99abfec41d8f9723323b39860ec676328a27bc7938da82b0d92adf40a9442e0595804b6dddf71ca7bf9f0d3d35703cb44b174dfe
-
SSDEEP
6144:dfXiliZA5BRDSOmfaD3pJLDZZSWkf8Il6ZRhZ:tXK6OmfqHHbSWG8IlkbZ
Score 10/10