General
-
Target
a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.zip
-
Size
7KB
-
Sample
221101-m81w4sbca5
-
MD5
73583b7bb0f1759674c792a8a0383140
-
SHA1
e0ffd1f22047394ef4a1f82fabc4b50673f843c7
-
SHA256
cd653e8f498ed4c005eef4d71498db063e7f4ffa75ed061a72707759989ec69d
-
SHA512
937e5f4b2149fe17e81045d03bc578da3af4a1f82ae7a774261db37f5ef0e0707a6ee4857e9ee9d8e8bdfb29ec1fb1ac1e77d6b92e494c961071a0e6036742aa
-
SSDEEP
192:zJDyn09Z3lYSuKPH12lyYbqL3ocjcuePgfXKpxzNUf5:zB9yKclyYbqL0u87xzNm5
Static task
static1
Behavioral task
behavioral1
Sample
a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike
1359593325
http://rngupdatem.buzz:443/nv.js
-
access_type
512
-
beacon_type
2048
-
host
rngupdatem.buzz,/nv.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
30000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpm3c7f2r8xUL9lc4ewj3q8vb7xa6mlqAaNLbJwSsTQOhTd6+t0JxpYvt5FisffawQiZstQ0ZMJYMuGL/kyXzNRPwRASIATmocdHDz1fsYga6Tzx4tWSAh8IJshSG9PqxUqX6dsq39V3+IGoTpi44BrMY09ODUUv+ASppbaDGEFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.272630272e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/en
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Edg/99.0.1140.31
-
watermark
1359593325
Targets
-
-
Target
a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.exe
-
Size
21KB
-
MD5
ff9e3c1137ebd473823c19a66ee8ca61
-
SHA1
151e1c8b63e0c39870b1dd84a537941b199a103f
-
SHA256
a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95
-
SHA512
eb84318c7fda81559183193ccb68fb61ea36b73fe30985b94b93ba28016670560fd4cc7344d7dd00ffb3480e2d02f912f6ff6f29a9405a464852bc3fce8c549d
-
SSDEEP
384:fx3V1yp0MZont1Bvytm2BJL3YpbwrNcq:ftunw1BvyL3Y1Sp
Score 10/10 -