General
-
Target
2d3bd5579f6a54cac49a26142f2d4de1.exe
-
Size
157KB
-
Sample
221108-rnzwjaddfk
-
MD5
2d3bd5579f6a54cac49a26142f2d4de1
-
SHA1
96ed99c2f0ac2896369221fd9539847088f4abe5
-
SHA256
0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130
-
SHA512
a6838c24b52b29fb75265c72fde547737ebd14a915af34e7ff40cc81ba0dcf6c3c1960c5749f3686582b28a780e158748a424be3b4703f9c1d0f40d46582ed44
-
SSDEEP
3072:SEoWpC7otJ4rI2+vx6WF8kOuR+zsPKJRA5keJVMqK1PghFwFWxdUZT+fZwGW/:rz1tJvvx6Wik9R+mJPKlOwMnBfZq
Behavioral task
behavioral1
Sample
2d3bd5579f6a54cac49a26142f2d4de1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2d3bd5579f6a54cac49a26142f2d4de1.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
cobaltstrike
1359593325
http://101.34.93.112:4443/api/x
-
access_type
512
-
beacon_type
2048
-
host
101.34.93.112,/api/x
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
1000
-
port_number
4443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCls+Ts7vDp4PueIMmI6SDvQ/M7pxZ8qLWXmiSlf0cUeLuVdVtbeotiukVWt/D3khxce0MxMUPjMwbfYljwM/3qyzGjuOsyxb5ySAOjPJ1oOJs2ZR7jcuLMpUqsrBssfyHW2rTkqbGvJrWnHTVK9hn1+XA890Kkr4R+QOLh7Cu3zQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/y
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
-
watermark
1359593325
Targets
-
-
Target
2d3bd5579f6a54cac49a26142f2d4de1.exe
-
Size
157KB
-
MD5
2d3bd5579f6a54cac49a26142f2d4de1
-
SHA1
96ed99c2f0ac2896369221fd9539847088f4abe5
-
SHA256
0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130
-
SHA512
a6838c24b52b29fb75265c72fde547737ebd14a915af34e7ff40cc81ba0dcf6c3c1960c5749f3686582b28a780e158748a424be3b4703f9c1d0f40d46582ed44
-
SSDEEP
3072:SEoWpC7otJ4rI2+vx6WF8kOuR+zsPKJRA5keJVMqK1PghFwFWxdUZT+fZwGW/:rz1tJvvx6Wik9R+mJPKlOwMnBfZq
Score 10/10