General
-
Target
24d99ba5654cdf31141c66fd9417b7e0.bin
-
Size
187KB
-
Sample
230321-bgnlxsab21
-
MD5
e8454eb9f1d30c80ba454daf74a3d514
-
SHA1
ffe8d21dc375e928788b855ebae5ee9fff879793
-
SHA256
e50319ebac93c086dc4b6d187319d00f37180b8989ebd0c25b2999713d3eafb8
-
SHA512
29c5d65b7e29488b1531681f9b2c269f43098bb681cf16a5bb9c7033766499773943de13ee837f949acfffbd83dd006ffe89dd464388956d3cc4a95aeedd08ac
-
SSDEEP
3072:Ak2erbb9FdMHzFbpD837XVLGhe6lFkH74y3LDR2N4OEwCkPBZ1PduI9kThO0:lJMHYxSU74y3LDR2Neudk80
Behavioral task
behavioral1
Sample
b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
1359593325
http://120.79.181.138:443/pixel
-
access_type
512
-
beacon_type
2048
-
host
120.79.181.138,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5q7MB/tbUnzXSL7Zy+R/NrXBsv04yMfdAg46oqaulvNUOMYgsS/FPmKLLTw6knGLWSaH9+NVc0VkhsAjKhzjWIlVJqCoTZYIVu8CKnF/rDxYpmYjmqqd8EBIIxq3QuVWd6z7xYx7AZh1RDlecuKLPtX3fn6p9Wud81SEPl0wlyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
-
watermark
1359593325
Targets
-
-
Target
b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9.bin
-
Size
219KB
-
MD5
24d99ba5654cdf31141c66fd9417b7e0
-
SHA1
0e06aedf5b25cf248131c9eff5a331f4bb1fcb67
-
SHA256
b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9
-
SHA512
351e8c078595d1c829385d0bfbeb2560dd62fa063645e40593ba63af8862fc90bbd24438aebb0fb952cb78bf80b91ea35dbabdc91d760fd69c7f188e45075872
-
SSDEEP
6144:c8X2sNEFy+HVJbny+lgzgeFgUQI9aiGynMOyX:T3NEFy8VJO+GTFgUzaL6MO+
Score 10/10 -