General
-
Target
1.exe
-
Size
978KB
-
Sample
221208-zpbjbsed8s
-
MD5
fa6a302b0750f3eacef9f53dad70e1ac
-
SHA1
2cb13ef11cc6871bda8620d9487f8f2bb4c4245b
-
SHA256
aca5df1c030674df2a2951643483c0eca05333dcb1392411f978ae625c269a7e
-
SHA512
e09ecd6758212b648e2d84346d8f2e9c704ff31fa56f9133a37a66654de9f9caccea5068e4d204ce16c7ef235bf67270ff59afd7479210b13ecdcc4c04cbb698
-
SSDEEP
24576:D+w4BJ9N1CnDSRZ7acaLaJafaFRQsQvUKgEh3ZOZ7VTVd/fXg0HsiNp+:6w4b9N1CnDST7acaLaJafaFRQsQvUKgs
Malware Config
Extracted
cobaltstrike
0
http://pejapezey.com:443/modules
-
access_type
512
-
beacon_type
2048
-
host
pejapezey.com,/modules
-
http_header1
AAAAEAAAAA5Ib3N0OiBsaXZlLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAAgAAAADAAAAAgAAAAxyZWdfZmJfZ2F0ZT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAAA5Ib3N0OiBsaXZlLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAACAAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZyoOKoVvR9ZEgM6UE6ISPIPxIZrcVQMEjIT6NtrpUPZb2fRCiKjqjylJvlyw12ynh5q/iXJdjIvtPRHjHVG8MJ1Rvs/NX3KXFrsT5zMkMTycyUZY79u4HC9Q6mXs+EBf7kVJq9cns8FFgBJWf8HWu46pwfyrhidk5mJ8JY7wKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.924877056e+09
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/modules
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
0
Targets
-
-
Target
1.exe
-
Size
978KB
-
MD5
fa6a302b0750f3eacef9f53dad70e1ac
-
SHA1
2cb13ef11cc6871bda8620d9487f8f2bb4c4245b
-
SHA256
aca5df1c030674df2a2951643483c0eca05333dcb1392411f978ae625c269a7e
-
SHA512
e09ecd6758212b648e2d84346d8f2e9c704ff31fa56f9133a37a66654de9f9caccea5068e4d204ce16c7ef235bf67270ff59afd7479210b13ecdcc4c04cbb698
-
SSDEEP
24576:D+w4BJ9N1CnDSRZ7acaLaJafaFRQsQvUKgEh3ZOZ7VTVd/fXg0HsiNp+:6w4b9N1CnDST7acaLaJafaFRQsQvUKgs
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-