General
-
Target
6c9810a08e35920f03730e06102a1e1639a57a2d652ecfeedca63fceef495837.zip
-
Size
245KB
-
Sample
230211-m33hragh6s
-
MD5
343b04df52d769359fd13fbbe7a9518a
-
SHA1
d28be3f3537296c32e66e99aa044f00e073ff8b3
-
SHA256
030122cbc26daf3bfb6c3eadbc4cea25e06f352c3d17decff8af12fa81ef638b
-
SHA512
d9ee8b226b22578e73b790314705c557b07aa2d28221fd628d86a9f1b134e9e98342ba170d4003308ad14be42c5da7d2ad89155031d3f4d83a58b9af3f901d1d
-
SSDEEP
6144:AFZwt+ydCAOnuf2+EhGhb1jvdYA2Dg2xM:AQt+a+u++LXjqD1xM
Static task
static1
Behavioral task
behavioral1
Sample
6c9810a08e35920f03730e06102a1e1639a57a2d652ecfeedca63fceef495837.ps1
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6c9810a08e35920f03730e06102a1e1639a57a2d652ecfeedca63fceef495837.ps1
Resource
win10v2004-20220812-en
Malware Config
Extracted
cobaltstrike
305419896
http://117.50.189.147:90/ca
-
access_type
512
-
host
117.50.189.147,/ca
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
90
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYND7NsiktPrD/uDMM5S6C7cvFGmqR8iuKLt8lVUUU//Yoobu08NzywlsJ2hsGbs14VHXGUifaQr+gqRANCApl4tQxjmG6C9cZJVfB3y9WToeDqwczyuRTQi046lKr777YiiPYsNUC3aQriPMwKT/xCzs3AteG7fYZQ2TcrFRvewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-
watermark
305419896
Targets
-
-
Target
6c9810a08e35920f03730e06102a1e1639a57a2d652ecfeedca63fceef495837.ps1
-
Size
734KB
-
MD5
47d0a7d95e4e561dd8d46a60f55f7f8d
-
SHA1
c285d3db58476c46aae8be6b731356ff13b6a478
-
SHA256
6c9810a08e35920f03730e06102a1e1639a57a2d652ecfeedca63fceef495837
-
SHA512
633b877b579024e5e36b99d133adde5c966d4d01915263be295456390ae523c5db4717359c1735d6fd73e3f84c3401bc7e67b414219cd6afb25d3bab23cc3917
-
SSDEEP
12288:FU1VYwPkT4LbcArB+rVqLq25s+tLsCN/FUaZ9kC2XmaKxNxhsY/4QI1IRm6SEWO7:rYIqcSd
Score 10/10
Blocklisted process makes network request
-