General
-
Target
1.txt
-
Size
260KB
-
Sample
230316-c68h3aah6t
-
MD5
f9a471926b2dcbaadb1786ff779928b7
-
SHA1
6d9ac46890c9f89dc3a8163df28f495654c847bd
-
SHA256
c6aeacf7b22a271df13afd336a073af80f601c3ae937a6fb8178700201c9a281
-
SHA512
3ef700ecd458cc929196597747cad0cfeb7f9f97a92e7dba54a6a93f546d3301a627f53f7a2d5961bff9da5dc93050712ed388bc3b733ba8ebec394f2e5fc04e
-
SSDEEP
6144:oJqVG5d1IpCyibgkTZI6jHID90amBXoH/:o3d6Levox2BXO
Behavioral task
behavioral1
Sample
1.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1.dll
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
99999
http://139.224.31.216:443/auth/data
-
access_type
512
-
beacon_type
2048
-
host
139.224.31.216,/auth/data
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl6B9KHJBh5wWNcLL2R+Nhku9DaNu1GWr9gEkTlJ4mqsbIskd9p3Ty+RBFRlUQsuiS1ZkeJIrMZbwKkDh+tX2jqSgaE/lf2Y6sHZ97koeK318W42qjUEWjcXdhwkRPbUUoPqSJG7+4Ib1x7xJBJ/unLbEZ3Xry2FJ7+25SAJQDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/auth-server/token
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/539.39 (KHTML, like Gecko) Chrome/92.0.4519.137 Safari/539.39
-
watermark
99999
Targets
-
-
Target
1.txt
-
Size
260KB
-
MD5
f9a471926b2dcbaadb1786ff779928b7
-
SHA1
6d9ac46890c9f89dc3a8163df28f495654c847bd
-
SHA256
c6aeacf7b22a271df13afd336a073af80f601c3ae937a6fb8178700201c9a281
-
SHA512
3ef700ecd458cc929196597747cad0cfeb7f9f97a92e7dba54a6a93f546d3301a627f53f7a2d5961bff9da5dc93050712ed388bc3b733ba8ebec394f2e5fc04e
-
SSDEEP
6144:oJqVG5d1IpCyibgkTZI6jHID90amBXoH/:o3d6Levox2BXO
Score3/10 -