General
-
Target
0ed71442bc6234d6ffd671a83a55be74b41edfda62cbc41d4b2ce20d091fa65f
-
Size
6.6MB
-
Sample
220822-pvkdbaagf4
-
MD5
f0a8b08e7efe3166b7842b3d70cd5b09
-
SHA1
87c3249b8080892534c257ac7810b157b8ac36c9
-
SHA256
0ed71442bc6234d6ffd671a83a55be74b41edfda62cbc41d4b2ce20d091fa65f
-
SHA512
f6199d14163780b379718ddbf0530caf559a20e50b32e2ca93ced139f7a2f465ad23f9ea54e1e864dea1894a395fef663710531b432fc1c31df66e4a3575fee7
-
SSDEEP
98304:NAmaOgoxAT4HQktlw2Kce26t+JhVWn2xxjsDjw2aRC1dIzsJosp03zQyRNNKkNA4:NSVhM3tlKXqXWnAb2aR8IzlspOPNGG
Behavioral task
behavioral1
Sample
0ed71442bc6234d6ffd671a83a55be74b41edfda62cbc41d4b2ce20d091fa65f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike
1
http://www.360safe.tk:2083/download/jquery-3.3.4.min.js/3
-
access_type
512
-
beacon_type
2048
-
host
www.360safe.tk,/download/jquery-3.3.4.min.js/3
-
http_header1
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
-
http_header2
AAAAEAAAABRIb3N0OiB3d3cuMzYwc2FmZS50awAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAABHQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAHAAAAAAAAAAwAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
2083
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEdU7+K73SZRVCCcVKH30HCHZT5JuPpN6l/b0KLieRDIrUtB0Zw1Qau0lCyV25NbwC3daWMzstvpCTcj6Ki8B/v1nb06IQ3Y/9yUtdMMz8TNrldVMvvpb3+5zr9wI3hHAcxnhw6iGAMmROhHehuPxF+8hVf8jeAAQLuHx8W6t5TwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.702512128e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/download/jquery-3.3.4.min.js/4
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
-
watermark
1
Targets
-
-
Target
0ed71442bc6234d6ffd671a83a55be74b41edfda62cbc41d4b2ce20d091fa65f
-
Size
6.6MB
-
MD5
f0a8b08e7efe3166b7842b3d70cd5b09
-
SHA1
87c3249b8080892534c257ac7810b157b8ac36c9
-
SHA256
0ed71442bc6234d6ffd671a83a55be74b41edfda62cbc41d4b2ce20d091fa65f
-
SHA512
f6199d14163780b379718ddbf0530caf559a20e50b32e2ca93ced139f7a2f465ad23f9ea54e1e864dea1894a395fef663710531b432fc1c31df66e4a3575fee7
-
SSDEEP
98304:NAmaOgoxAT4HQktlw2Kce26t+JhVWn2xxjsDjw2aRC1dIzsJosp03zQyRNNKkNA4:NSVhM3tlKXqXWnAb2aR8IzlspOPNGG
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry; this is likely a geofencing check.
-
Loads dropped DLL
-