General
-
Target
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d
-
Size
494KB
-
Sample
230129-tz97radg43
-
MD5
8d166ee159764d8a09ac1a16b30a445a
-
SHA1
0a709778fa4f8ec9c03d34cc7ad36ae1f6cdeec7
-
SHA256
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d
-
SHA512
4ecfadbbe51f97aa44cfd1d3bf91e79f39ddffbd407d2a9ed0e44ece5282f419e494557255c47d7a8b7a5588d9fb8aff2ec5cf8436fc19c8a6874c967855d29b
-
SSDEEP
12288:y8E3jt616IePdCKXYItHMIwNoD1sfC73M2GjELsXZ:dePdCQaIcOqfm+jELC
Static task
static1
Behavioral task
behavioral1
Sample
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
cobaltstrike
1359593325
http://ghafirst.com:443/RELEASES
-
access_type
512
-
beacon_type
2048
-
host
ghafirst.com,/RELEASES
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAHAAAAAAAAAAMAAAADAAAAAgAAABR3b3JkcHJlc3NfbG9nZ2VkX2luPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAA0AAAADAAAAAgAAAAhjaGFubmVsPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
56890
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQVbvYC23lQ8yuEgsqJl0PQ6bcBM32VKooSBx4V5Fw76v+7Jy1M52MeKC1pTSMFlG6+9dzMIVigabcKfvq/lUN6u8DTbWtmiUkwCGv/Y4dcfyu34NTcmgoEBxE1UovJUM8FQr4ID1uEj6oNnN4sKbpQ2cFwfcUt8lRaqpQiXdfkQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.025605888e+09
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ro
-
user_agent
Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202
-
watermark
1359593325
Targets
-
-
Target
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d
-
Size
494KB
-
MD5
8d166ee159764d8a09ac1a16b30a445a
-
SHA1
0a709778fa4f8ec9c03d34cc7ad36ae1f6cdeec7
-
SHA256
8494205ac991c4f2aaa5390ce684e5382e1e4c85da0ce08c527ba9d4089dd86d
-
SHA512
4ecfadbbe51f97aa44cfd1d3bf91e79f39ddffbd407d2a9ed0e44ece5282f419e494557255c47d7a8b7a5588d9fb8aff2ec5cf8436fc19c8a6874c967855d29b
-
SSDEEP
12288:y8E3jt616IePdCKXYItHMIwNoD1sfC73M2GjELsXZ:dePdCQaIcOqfm+jELC
Score10/10 -