General
-
Target
calc.zip
-
Size
107KB
-
Sample
220930-m9mqwaddc5
-
MD5
0ca6d5e453792bbf7d20831cbbdb8559
-
SHA1
704978a9e904f23ebff12ceec6ee9206978cf57a
-
SHA256
12d5db621bcd8ace97296834a9526fb6a4cfc50cc8b40584fd247d5f3c277eb1
-
SHA512
0636e416e351ce45a0af816ab18f14e27555a479d1df3b7589aafba10588827c37321e8e61fab88835c8e0b4e41c021c6edefe41f896485bd1944b7f3940ee61
-
SSDEEP
3072:wehUJ4A32sZdb8cKVWFRlNMYWfWsNPKU3F5Jm6U:1OJjZdIWFLWW8PZJm6U
Behavioral task
behavioral1
Sample
calc.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
calc.dll
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike (Cobalt Strike Beacon)
305419896 (watermark; equals 0x12345678, a well-known placeholder value rather than a licensed-customer ID, so it cannot be used to attribute the operator)
http://192.168.1.20:443/ptj (plain HTTP to port 443 on an RFC 1918 address, i.e. a lab/internal C2 rather than an Internet-reachable one)
-
access_type
512
-
beacon_type
2048
-
host
192.168.1.20,/ptj
-
http_header1 (Malleable C2 GET transform; the blob below decodes to: build session metadata → base64 → send in a "Cookie" header, so check-ins carry the encrypted metadata in the Cookie header of the GET to /ptj)
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2 (Malleable C2 POST transform; the blob below decodes to a "Content-Type: application/octet-stream" header, the session id in the "id" URI parameter, and task output placed raw in the request body)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000 (milliseconds: a 60 s sleep between check-ins, the Cobalt Strike default; no jitter value is reported in this extraction)
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
(spawnto processes used to host post-exploitation jobs; both are the stock Cobalt Strike defaults, so a rundll32.exe child launched with no command-line arguments is a well-known hunting signal. "sysnative" is the WoW64 alias that resolves to the 64-bit System32 directory when the Beacon itself runs as a 32-bit process.)
-
state_machine (label is the extractor's; the value below is a base64 DER-encoded 1024-bit RSA public key — a SubjectPublicKeyInfo with the rsaEncryption OID — i.e. the Beacon's C2 public key used to encrypt session metadata, zero-padded to the config slot size)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent (the IE9-on-Windows-7 string, one of the stock Cobalt Strike user agents; an obsolete UA like this over plain HTTP on port 443 is an easy network signature)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
-
watermark
305419896
Targets
-
-
Target
calc.exe
-
Size
204KB
-
MD5
9590936149f3ad655e6c6e6e40ffd309
-
SHA1
580c1ca3d1d22bfe3ebbf47de4e82465217f3230
-
SHA256
39c19171dd55fa81f755f1aa3e431999ece285f50af34331e651a25952e2906e
-
SHA512
b1eaf581df67fbac53fc0f1b2061737a15470b415c8e2d429405704a3b60d27cad41ca84020e7a40d43e21760aad542e1db431b7cd9c499c5b1bbb1bc1db314b
-
SSDEEP
3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUc5Gy:FRYkcrY4MCIt07iPlvU0jy
Score: 3/10 (overall sandbox score; it does not offset the static finding above that a Cobalt Strike Beacon configuration was extracted — treat the sample as Beacon regardless of the score)