General
-
Target
02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b_1.zip
-
Size
300KB
-
Sample
221208-z35pbsee5t
-
MD5
099140dd13a875b65940c5a548b25fe5
-
SHA1
a42c4b6b0aa450618be5b487e4c8724073e8e04c
-
SHA256
733b375876754c1b7aab1da2f22a4946ec835f303785dd7785372f1cf1c31375
-
SHA512
7ee02431ec942b5ba1cf4af02766235e62de18c4f56b46725ae0cb1017efd361c607a2b98ad81447c8bb53ae0e67731efe54aae465279f09347d065b1d9b86b4
-
SSDEEP
6144:s3hZbcHywRVEnLCJiwZ3OwjTrayvNGx4an7fR9+UAGWoz/m6CwtZO8ArGPmruzrW:s3hpcjRVSaiwZeuTrPvNCBn7nZAg5z6h
Static task
static1
Behavioral task
behavioral1
Sample
02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
cobaltstrike
100000000
http://43.139.215.184:80/js/components/content-info-b0c0e5245b.js
-
access_type
512
-
host
43.139.215.184,/js/components/content-info-b0c0e5245b.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
15360
-
polling_time
12000
-
port_number
80
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJm1P3lTd3ygHulswJL4tajEl2XHAmjfIKdoZglWZIQx3gRex7B4DAGNGAyJhPYtciPl2sZyXyOU7cMUPguaLvneN3qDam4/eu+THXQ2gut5l+tYDr6jnxm1mDELT0CllhhHPtsitGkw95nUQ1Mws0zg6MjCW/4kOCxDoiTQLLMQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.24495488e+09
-
unknown2
AAAABAAAAAEAAAXeAAAAAgAAADkAAAACAAAPTwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/js/super_load-9f784471ea.js
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0.0)
-
watermark
100000000
Targets
-
-
Target
02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b
-
Size
579KB
-
MD5
b34dc607e183d28d55aa318a0cf8fb9c
-
SHA1
565c44d8f5e57522bad350dff54a60fde6b20ab9
-
SHA256
02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b
-
SHA512
0f6b8a8ed0e42c836d43da2a69e9f83e232229cb9dacc72d1d100b7ed009f8c90732853287506243da6f88475387277dcc95173723d2bb8fc3d38a4d1462c846
-
SSDEEP
12288:aEUBvgWW5m71Op55otLKS5s/bqnseuZWz3USm:yBvZW5m5g55oLabqnse/jl
Score 10/10