General
-
Target
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.zip
-
Size
187KB
-
Sample
230321-rw6ztaba67
-
MD5
d98b5d419c353070629f8baf9e2ea577
-
SHA1
b1c7e98f520184ee0efb87ff6a9252e045f0d002
-
SHA256
20f46e76101629bfd1b713bd68ba261dd3e0e6d787bbf5481e273077fb383186
-
SHA512
f82b72f02b41d25fc6b2b68930f694185975bcfa5a002459d9603b94700dfc157346506ac89709009e744a88fc8d41c9960f3b99c6b6c718b345fb4130c04301
-
SSDEEP
3072:zy73TXEA8bivDkRuHZiquH1BbtOPP5Ib+P5cHQ9khA51/vsTJuHu:O7IdivKqivHDtOjEQmA51/vsTIO
Static task
static1
Behavioral task
behavioral1
Sample
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted (note: the beacon hosts listed below, 10.10.5.39 and 10.10.5.246, are in RFC 1918 private address space, so they are only meaningful as network indicators inside the environment that produced this sample)
cobaltstrike
1530709612
http://10.10.5.39:443/___utm.gif
http://10.10.5.246:443/___utm.gif
-
access_type
512
-
beacon_type
2048
-
host
10.10.5.39,/___utm.gif,10.10.5.246,/___utm.gif
-
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAcAAAAAAAAADQAAAAIAAAAGX191dG1hAAAABQAAAAV1dG1jYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
GET
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYRk7aiOwUEkTn6tyrUx6KT1EYovdepy7UKvbsWSeToWgfuSGybTrHa3ZUO9IXmi3gQkQqzGBSHXE8S59bLI+X+TNcAS1jEYPnHueMYo5Gdkguj3sxQn/a4OyN7Oc58rNvYD2bRBpuri3wEBarONFz5cKNYjeaH7+N3YgmuYskwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.71092736e+08
-
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/__utm.gif
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
-
watermark
1530709612
Targets
-
-
Target
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
-
Size
319KB
-
MD5
d438f4f0cd9de5f51b8ff401e51d7fae
-
SHA1
fa92e51cace0da018119a3f95e0648e6e33f288e
-
SHA256
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d
-
SHA512
47d03bc3b27754af305e16dad163fa8cf49ad232547fc350a01cc73037b2403dce73b92e24e72e78c7141771d58f78873ad3c375522ac03c6691fd018fd54615
-
SSDEEP
6144:6HwGL86EIUdKVy9Dwxdms4yAzFaFdtkBYYYYwYYYYYYYYYYYYYYYvPAYYzEKUo01:Cwv6NU3qopVYdm5t3
Score 10/10