General
Target: tianqin.cpl
Size: 114KB
Sample: 230221-evc9wsdf39
MD5: 76616710538d3a565c768c51d5a55abc
SHA1: 1e92575313409eaf847a966ef1d3f001fb4631df
SHA256: 8b960c45753593ef4f320a402c20424ab6fe775c163b65d7c03fb89f89378094
SHA512: 718cd5bff0e72dc964d870d9c47d13ef55739345b3d450222a49c435bd0fb5df45a1ca1025ca827faf5e6e0b0e9e590229b4bce6aeaa620e23756827db17c2e4
SSDEEP: 3072:3XfxrOJuHUIxeyVegFT2FkzDOxfCmPn7:nfRlUItt/CxqO
Static task: static1
Behavioral task: behavioral1 (Sample: tianqin.dll, Resource: win10-20230220-en)
Behavioral task: behavioral2 (Sample: tianqin.dll, Resource: win7-20230220-en)
Behavioral task: behavioral3 (Sample: tianqin.dll, Resource: win10v2004-20230220-en)
Malware Config
Extracted: metasploit
windows/download_exec
http://info.bookworld-langchao.work:2096/FpaE
http://:2096/FpaE
Extracted: cobaltstrike
305419896
http://info.bookworld-langchao.work:2096/jquery.js
access_type: 512
beacon_type: 2048
host: info.bookworld-langchao.work,/jquery.js
http_header1: AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALHNjaC1obHQ9cy0yNEtVMTFXQjgyUlpTWUdKM1dFUnwxNTI5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2: AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1: GET
http_method2: POST
jitter: 5120
maxdns: 255
polling_time: 5000
port_number: 2096
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrZ4M1kDofy9bq2RX/5+t9xbZFdiF0uw8B92fNu6tPEldEJ/0BA7zeNUkN6EUHEX5kFGyRfUOjVxHKOnnHMTqckPQi9/ARmPX9w5ccQXuGoLD8BXWBCJh+PK7fLyXTeOQe448vqgE51IxqSY+WVj03d2pE+dLTiXixqlOZ0ykrdQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /N5632/sadj/display.js
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
watermark: 305419896
Targets
Target: tianqin.cpl
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Blocklisted process makes network request