General
-
Target
1008188650ce94899c5714346e9ec493.js.vir
-
Size
869KB
-
Sample
230317-pjl3rsab41
-
MD5
1008188650ce94899c5714346e9ec493
-
SHA1
a3cc3b37f9cf65306c219c04695199a40e5c2cc8
-
SHA256
6761764ee874b2ec445c348a245cc35e8fa2e71a5df7c25c5a4a9f20da710a89
-
SHA512
7cc7e87165377d86d3c809b2e57c4bb5c45e2c6372d6a4c623ccbede257e082b0a09da6bb28d57241072c274f9dbe6d6d22e6b8e969299d9ff3b435f716fefe8
-
SSDEEP
12288:k/zZk5BCCZC1vij1TtwNuDCnVZMP72F0MLzImIz+H0RnJiu5/uB6KgSfl+ribR0X:kFAz2F0fSURnJ4jh8i4
Static task
static1
Behavioral task
behavioral1
Sample
1008188650ce94899c5714346e9ec493.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1008188650ce94899c5714346e9ec493.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
100000
http://101.43.188.175:6666/image/
-
access_type
512
-
host
101.43.188.175,/image/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
6666
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmOWIfmsFlSaN08WbrXhqAUnE0QmgKzc114UH02A/cZNu9XBcBIf3gJ63j7++TAbdMd+qE3rdZw/CwmlXOCBrfx7cxpKKQY1/kA0NVmS8AVcryjkT6cSxdF5Ehe4DMMtLDP2GHIvt+r4587MArJnEThLp/UScK/KwXHYMAzkcTuwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/email/
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
-
watermark
100000
Targets
-
-
Target
1008188650ce94899c5714346e9ec493.js.vir
-
Size
869KB
-
MD5
1008188650ce94899c5714346e9ec493
-
SHA1
a3cc3b37f9cf65306c219c04695199a40e5c2cc8
-
SHA256
6761764ee874b2ec445c348a245cc35e8fa2e71a5df7c25c5a4a9f20da710a89
-
SHA512
7cc7e87165377d86d3c809b2e57c4bb5c45e2c6372d6a4c623ccbede257e082b0a09da6bb28d57241072c274f9dbe6d6d22e6b8e969299d9ff3b435f716fefe8
-
SSDEEP
12288:k/zZk5BCCZC1vij1TtwNuDCnVZMP72F0MLzImIz+H0RnJiu5/uB6KgSfl+ribR0X:kFAz2F0fSURnJ4jh8i4
Score 10/10
Drops file in System32 directory
-