Overview
Static
Resubmissions
18-01-2023 14:25 (230118-rrsavsag38)

General
Target: TA579_20220117.zip
Size: 8.2MB
Sample: 230118-rrsavsag38
MD5: 6ca646efab8725915780c159a86115ba
SHA1: ac5f2f25e75ed22282d90ba9f40538423df3a108
SHA256: 78279ac671bb144d058bc59eb5d89a6446ceee2cdcaf3d6bbe00a23e15abf0b2
SHA512: deada1e00126b0a8e4938ea0c7a6a96a7984258fe3cb4052c820c6f15fdc58faaeae74b337b81e38299fbe71b593049d9f5be80aa6dcfddd5cebca83fe1e69e9
SSDEEP: 196608:nah7EGo1G1Q+t5kjO++pTp571s33JB1uf5n24K:nah81G1HOOppTpKUfO
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: TA579_20220117/_ssl.dll (win7-20220901-en)
behavioral2: TA579_20220117/_ssl.dll (win10v2004-20220812-en)
behavioral3: TA579_20220117/_zoneinfo.dll (win7-20221111-en)
behavioral4: TA579_20220117/_zoneinfo.dll (win10v2004-20220812-en)
behavioral5: TA579_20220117/cradle.py (win7-20220812-en)
behavioral6: TA579_20220117/cradle.py (win10v2004-20221111-en)
behavioral7: TA579_20220117/python.exe (win7-20220901-en)
behavioral8: TA579_20220117/python.exe (win10v2004-20221111-en)
behavioral9: TA579_20220117/python3.dll (win7-20221111-en)
behavioral10: TA579_20220117/python3.dll (win10v2004-20220812-en)
behavioral11: TA579_20220117/python310.dll (win7-20220812-en)
behavioral12: TA579_20220117/python310.dll (win10v2004-20220812-en)
behavioral13: TA579_20220117/pythonw.exe (win7-20220812-en)
behavioral14: TA579_20220117/pythonw.exe (win10v2004-20221111-en)
behavioral15: TA579_20220117/required documents.lnk (win7-20221111-en)
behavioral16: TA579_20220117/required documents.lnk (win10v2004-20220812-en)
Malware Config

Extracted: cobaltstrike
1580103814
http://23.108.57.26:443/gv
http://23.106.215.213:443/ch
http://23.189.202.11:443/gv
http://23.109.27.113:443/gv

access_type: 512
beacon_type: 2048
host: 23.108.57.26,/gv,23.106.215.213,/ch,23.189.202.11,/gv,23.109.27.113,/gv
http_method1: GET
http_method2: POST
jitter: 5376
polling_time: 5000
port_number: 443
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCE9L8rIKSp4C9FQ/R/7a3ryY4uA9FlvsgnXmTz2sZ9UVfj1lI08Bviwhpc+EnZZqJdTO64CfcMBV4mkNpD0ytsAQM2Exm52NXS+H2o2sCUL/5CEDF69gocbXAWu8TBQBOJ/nigUOIP9axddVsB3u7b3VYu+LeoMTaxlVbzllXwSwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 7.8457344e+07
unknown2:
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /get
user_agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
watermark: 1580103814
Targets

Target: TA579_20220117/_ssl.pyd
Size: 155KB
MD5: dcb25c920292192dd89821526c09a806
SHA1: 79c9af3a11b41d94728f274b45a7c61dc8bbf267
SHA256: 4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482
SHA512: ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4
SSDEEP: 3072:VOoLGtbSpE3z/J/PUE9u/85J2oEPwu3rE923+nuI5Piev9muFI4t761xu:VOoitbSpE3zhHPu/mE8nuaF9mud
Score: 1/10

Target: TA579_20220117/_zoneinfo.pyd
Size: 42KB
MD5: e4c4a639cfb3d082b2fdb44ce08c1be3
SHA1: 33fc3cc2db9ffc9e233aca5bc9290a69d138781f
SHA256: 4333fc3595ea1ea48c5a983f8b60a64c192f39e5a0be2c7acd0033467269556d
SHA512: ef31ef93b73de02821751274f1a401710ef04c589cbb92d94ec0a3a5da5175e83c26bc12c367f0548583cf026cdce0e7ce3d33d7c4b3016e90beb42810f39bf0
SSDEEP: 768:y8FQjWzWQt6XMuG7mM+FrRQOLb0CjyLstQ9t9I4CXbYiSyvpPxWEf:y84SqMt6MSrRQOLb0CuLstQH9I4CXb7V
Score: 3/10

Target: TA579_20220117/cradle.py
Size: 524B
MD5: 645bb969b89991321b41f629d5666fc8
SHA1: 388e1046c1b5536f8543a9f543a693735d81b8d2
SHA256: fbe757129e9bbbfbb117ece83933187a774e1db4cbdb72a7bdc211a0871d38ec
SHA512: 4d37bd777b5ab145aa7a0c4a1c47358ac6965057299cc781a761eadea2359bbe9ef0a144abc5143d59263f806715f21b7a12927a412fd3d38745fc3d3b251128
Score: 3/10

Target: TA579_20220117/python.exe
Size: 99KB
MD5: 0d7e35d7b045ec9447aa18d064fcd9c8
SHA1: fc8abbafbcf3b8f959b3e9c956109da0218aa95c
SHA256: 3093fcf263029ca1d799fea250a4e032d2c930a516f1513eeca688b343c836b3
SHA512: 7e9d78959563fd416422b6e226b73ed4ed2da7905ad89d93571f93b113fbcc1ee7203f18bb53bd495b9f79d4d9b72bbc0b6aad5cc4ce4356e655e8e459997cac
SSDEEP: 1536:NFVCKbuEYE+9z2wp+FavGmhMn+IhzZtz8/duRo7SyYPx:NFVCKbuAs0FNmhMn+IhN+/duRoyx
Score: 1/10

Target: TA579_20220117/python3.dll
Size: 63KB
MD5: e0ca371cb1e69e13909bfbd2a7afc60e
SHA1: 955c31d85770ae78e929161d6b73a54065187f9e
SHA256: abb50921ef463263acd7e9be19862089045074ea332421d82e765c5f2163e78a
SHA512: dd5a980ba72e4e7be81b927d140e408ad06c7be51b4f509737faee5514e85a42d47518213da1c3e77c25f9bd2eb2109fca173d73d710ff57e6a88a2ff971d0b4
SSDEEP: 768:5n8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJq2:5nwewnvtjnsfwL5I4Q0h7SyD0PxW
Score: 3/10

Target: TA579_20220117/python310.dll
Size: 4.3MB
MD5: 54f8267c6c116d7240f8e8cd3b241cd9
SHA1: 907b965b6ce502dad59cde70e486eb28c5517b42
SHA256: c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948
SHA512: f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1
SSDEEP: 49152:+xWM30WEuKdhbvd9aCLYjiNME9KnPdZkAMnu08M2c3MrOEJ8wwoJCzSy4I0mUHJq:+eV7bkwMVPZRHqzt0XHaMZqSH1jze
Score: 3/10

Target: TA579_20220117/pythonw.exe
Size: 97KB
MD5: 535dbfade17a856935667eae25acc166
SHA1: 881db3c6ec9b8eee8c26c0b6c0278a3c8c3f301b
SHA256: 61957119137f9492ab7cff41ed83619cdd398b8d47ceb4feeba5ed9bd0fcdc22
SHA512: 8dc2fc6534a67b27bb65d65fc366cd9101ffd1a918924be7e1dfb253785cc0b57ce10621ea93af3769b1393cbde630cde92068689ef674c8c75e76a17bf49a09
SSDEEP: 1536:bEqhuhIxHHWMpdPa5wiE21M8kJIGFvb1Cwb/x+sT7SyBPxs:YqISwMpdCq/IM8uIGfR/x+sT7xs
Score: 1/10

Target: TA579_20220117/required documents.lnk
Size: 2KB
MD5: 63406fd9ac6318999606bdf3dee56e59
SHA1: 8af67f655ce1b5a1c98a2c3e2dc16b04f524d2ad
SHA256: de6f6037ca98820a57ed73b33a551f33b593ed860e37942c749a1bb1bc12de8d
SHA512: 0c287b1a328392bde2560c0afa07119a851788a329bf1f6eceb04f3ea2f56387caac344ff5c8d6f7b3b34e768a16dc67ca637e100da273aa8e1bbf80d3151f61
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.