General
-
Target
80496931575d32f8839b054ee7fad55f.js.vir
-
Size
868KB
-
Sample
230317-pjptnagb64
-
MD5
80496931575d32f8839b054ee7fad55f
-
SHA1
b70e302e4065651d0834900c752b3f681ebd87d2
-
SHA256
f7e7bb0a337c10e1ccb7e01af4d0ad48825214b7c945aaa0a38237d9c4df45ee
-
SHA512
fd79c583de2de0286350cd3c6af2a219f40b348a96f237b56755e5fc54223a2c5c56cc1da128da54f92634b13d14e1ef023eedd9634eca176ee795150f090705
-
SSDEEP
12288:nGuFsIiqQzWzs1BSuBq+tkIvEVCW9Y3JoZW2hFM8GJdn+V6Vl4qbMDQ7V:GLXcs1A+sCW23J1f
Static task
static1
Behavioral task
behavioral1
Sample
80496931575d32f8839b054ee7fad55f.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
80496931575d32f8839b054ee7fad55f.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
100000
http://chidao.icu:8443/image/
-
access_type
512
-
beacon_type
2048
-
host
chidao.icu,/image/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmOWIfmsFlSaN08WbrXhqAUnE0QmgKzc114UH02A/cZNu9XBcBIf3gJ63j7++TAbdMd+qE3rdZw/CwmlXOCBrfx7cxpKKQY1/kA0NVmS8AVcryjkT6cSxdF5Ehe4DMMtLDP2GHIvt+r4587MArJnEThLp/UScK/KwXHYMAzkcTuwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/email/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)
-
watermark
100000
Targets
Target
80496931575d32f8839b054ee7fad55f.js.vir
-
Size
868KB
-
MD5
80496931575d32f8839b054ee7fad55f
-
SHA1
b70e302e4065651d0834900c752b3f681ebd87d2
-
SHA256
f7e7bb0a337c10e1ccb7e01af4d0ad48825214b7c945aaa0a38237d9c4df45ee
-
SHA512
fd79c583de2de0286350cd3c6af2a219f40b348a96f237b56755e5fc54223a2c5c56cc1da128da54f92634b13d14e1ef023eedd9634eca176ee795150f090705
-
SSDEEP
12288:nGuFsIiqQzWzs1BSuBq+tkIvEVCW9Y3JoZW2hFM8GJdn+V6Vl4qbMDQ7V:GLXcs1A+sCW23J1f
Score 10/10