General
Target
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc
Size
206KB
Sample
221204-w17jcshe5x
MD5
c461cd3d411b21c2dec5a4f0eb3fb265
SHA1
f2a5de359ca8945c1ab2c9738497a40bb8dabc3a
SHA256
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc
SHA512
3a3405aeb8ffdd118e5e80e7fb2dfb587ccb3a580646413e2ed966b3e4d76fa5e1cf461ff29eb4bdd9a83e965af6e93d2d77ad730927422b45a96f3914a23f72
SSDEEP
3072:0nT2RRXuwcN3OQXB8CITr9VV2ILe126JyTuBdjdUXt5aLj:0wXupN1x8CgBbRLDTuLjY
Behavioral task
behavioral1
Sample
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc.dll
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike
1234567890
http://service-deam9n43-1257046868.bj.apigw.tencentcs.com:80/api/x
access_type
512
host
service-deam9n43-1257046868.bj.apigw.tencentcs.com,/api/x
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
3000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVAry3za/TQqesDd3YH5l7U9vIzMgr54P9qoHkQaXWbN5dYdB+ReSkfCfEI+7hIXTSqTXWZauWUmPTLG8ewv47uQG+lCIFNXBAmTb1puCNef+ux9xtXXMjvNxBgGojIyGLb5dH98gfGL8WaTwkXSHX35AK/wmSXop3qVNwokZTBwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/y
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
watermark
1234567890
Targets
Target
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc
Size
206KB
MD5
c461cd3d411b21c2dec5a4f0eb3fb265
SHA1
f2a5de359ca8945c1ab2c9738497a40bb8dabc3a
SHA256
ae87f8f960b633672a3489b92be73ed5b96f264c950621dc7a422fc966706fbc
SHA512
3a3405aeb8ffdd118e5e80e7fb2dfb587ccb3a580646413e2ed966b3e4d76fa5e1cf461ff29eb4bdd9a83e965af6e93d2d77ad730927422b45a96f3914a23f72
SSDEEP
3072:0nT2RRXuwcN3OQXB8CITr9VV2ILe126JyTuBdjdUXt5aLj:0wXupN1x8CgBbRLDTuLjY
Score 3/10