General
-
Target
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db
-
Size
567KB
-
Sample
230109-q776kshh3z
-
MD5
5ae56c43d08e87eff8b1e1e63b9d1bfa
-
SHA1
697f7b5a49093968e1dbe81af55b785fea11eb79
-
SHA256
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db
-
SHA512
fceb23d1e337c644f44c7336f461cf1ec11e90f6e00071e3dba7d4821ee18d39c0885d274c2acc710f143cc886c7ae0f79f8950c642b138f10cda9010322fc91
-
SSDEEP
12288:PLLTaLwPzp0qbF5AnyLarFrSfaKhCNL9OTg20RwfMC+vcdfsmA:zLEwLpf5Ay6FFmCNoE7qM/5mA
Static task
static1
Behavioral task
behavioral1
Sample
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
cobaltstrike
1359593325
http://101.72.205.199:443/config
http://112.25.18.136:443/admin
http://114.80.187.84:443/config
http://118.123.241.206:443/admin
http://121.207.229.136:443/config
http://122.156.134.217:443/admin
http://124.236.20.140:443/admin
http://125.37.206.217:443/login
http://125.76.247.218:443/config
http://140.249.60.232:443/config
http://14.29.40.5:443/admin
-
access_type
512
-
beacon_type
2048
-
host
101.72.205.199,/config,112.25.18.136,/admin,114.80.187.84,/config,118.123.241.206,/admin,121.207.229.136,/config,122.156.134.217,/admin,124.236.20.140,/admin,125.37.206.217,/login,125.76.247.218,/config,140.249.60.232,/config,14.29.40.5,/admin
-
http_header1
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
-
http_header2
AAAAEAAAABpIb3N0OiBkb3RuZXQubWljcm9zb2Z0LmNvbQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAE0FjY2VwdC1MYW5ndWFnZTogZW4AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAEAAAANAAAABQAAAAl0ZXN0UGFyYW0AAAAHAAAAAAAAAA0AAAAFAAAAAmlkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
8448
-
polling_time
6000
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpH5tXh4A0mRni/kTkjrCqjm6TNby6PG7Vr1bz6tPF2m85Rz97bnKJnRywQHVDzZ3G+/cjezuR/vr2lyMnk/rNcaof60SA86V2IKsopwEEJcejBmg3X8hKn2qVDg8E/roFcG8WeL2dO55uNt9/3rKTwxYkDXh8yextoFEe2RGHcQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
9.06174464e+08
-
unknown2
AAAABAAAAAEAAAAIAAAAAQAAAAgAAAABAAAACgAAAAEAAAAGAAAAAQAAAAsAAAABAAAAIQAAAAEAAABFAAAAAQAAADcAAAABAAAAQwAAAAEAAAAbAAAAAQAAAA8AAAABAAAAGQAAAAEAAAAgAAAAAQAAAEgAAAACAAAAEAAAAAIAAAARAAAAAgAAAAsAAAACAAAAHwAAAAIAAABQAAAAAgAAADwAAAACAAAANgAAAAIAAABFAAAAAgAAACYAAAACAAAACAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/Admin
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db
-
Size
567KB
-
MD5
5ae56c43d08e87eff8b1e1e63b9d1bfa
-
SHA1
697f7b5a49093968e1dbe81af55b785fea11eb79
-
SHA256
bc9fa38f45390aec217a6ae2b9c9301bae374802cd59a911632b1e279bd695db
-
SHA512
fceb23d1e337c644f44c7336f461cf1ec11e90f6e00071e3dba7d4821ee18d39c0885d274c2acc710f143cc886c7ae0f79f8950c642b138f10cda9010322fc91
-
SSDEEP
12288:PLLTaLwPzp0qbF5AnyLarFrSfaKhCNL9OTg20RwfMC+vcdfsmA:zLEwLpf5Ay6FFmCNoE7qM/5mA
Score 10/10