General
-
Target
beacon1.exe
-
Size
218KB
-
Sample
230101-q8hbjsbh32
-
MD5
91b36c567d287d9cc83ddf092a0603df
-
SHA1
ec86406aa03191d9d75e74998496b894486f67eb
-
SHA256
99b6c17df3035babbd761d0e6a018d31afd680803dacdfcb2cfcd7ea74229799
-
SHA512
54ec27d4e2b58922476ac024dfc26ca9df2a99879d989b2ba1e99646a52bfcf78ff41e00fb3ed78ff03ba0decb8101e18b389d818b587c285181dcf2395da064
-
SSDEEP
6144:dMrbvueGl1rIr3v4yxiRsV9x6OaAPPvU075uy:dM2eGl1eh+DOBHzuy
Behavioral task
behavioral1
Sample
beacon1.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
beacon1.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
cobaltstrike
674054486
http://esoftwareupdates.com:443/ms.css
-
access_type
512
-
beacon_type
2048
-
host
esoftwareupdates.com,/ms.css
-
http_header1
AAAAEAAAABpIb3N0OiBlc29mdHdhcmV1cGRhdGVzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAA8AAAADAAAAAgAAAAVTU0lEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
55174
-
port_number
443
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrlCPi17/GGpcxU/qeH3CDQDmjJlCrxctbBHn/rF/Aq5wYE3kYu15Pi/AlXLT6HXfoioT49rioNFzih3IZjkezaKcKilnG2Coz1996UyoTEY/PIqc6Xg/mKqDGD8gaQjcv/y+/tR4PdtG6MnVjJn0ycKC0tu4Kg11otTWTrptOiQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.708806656e+09
-
unknown2
AAAABAAAAAIAAAPVAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/index
-
user_agent
Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
674054486
Targets
-
-
Target
beacon1.exe
-
Size
218KB
-
MD5
91b36c567d287d9cc83ddf092a0603df
-
SHA1
ec86406aa03191d9d75e74998496b894486f67eb
-
SHA256
99b6c17df3035babbd761d0e6a018d31afd680803dacdfcb2cfcd7ea74229799
-
SHA512
54ec27d4e2b58922476ac024dfc26ca9df2a99879d989b2ba1e99646a52bfcf78ff41e00fb3ed78ff03ba0decb8101e18b389d818b587c285181dcf2395da064
-
SSDEEP
6144:dMrbvueGl1rIr3v4yxiRsV9x6OaAPPvU075uy:dM2eGl1eh+DOBHzuy
Score 1/10 -