General
-
Target
0a9f32d40fc1f0c6b93431e0ce76ff62.exe.vir
-
Size
218KB
-
Sample
230322-rskx6sbb8s
-
MD5
0a9f32d40fc1f0c6b93431e0ce76ff62
-
SHA1
fe2c3c1a25e57f520c03817a40f0ca950b2a3a9f
-
SHA256
5e6e9956ffee58bc7ac7d367f4bbbc145837404cda32214b95e568199c0218fe
-
SHA512
124e39a8a738f592f3bf85e0e423cabe787bebb927126e2a698e157f248ee9866ce230313ad0d567021f1e54e0b45410c62f05df743d6011e5e5156465239951
-
SSDEEP
6144:3EEgnYUdH/L8MBorobkk8MO20Fz36RNzxMCR:0+Udfposbkk8Q0Fz367xMCR
Malware Config
Extracted
cobaltstrike
http://mail.shqianxinn.tk:2096/jqueryjs/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: mail.shqianxinn.tk Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/101.0.4951.67 Safari/537.
Extracted
cobaltstrike
426352781
http://mail.shqianxinn.tk:2096/jqueryjs/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
mail.shqianxinn.tk,/jqueryjs/jquery-3.3.1.min.js
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAXSG9zdDogd3d3LnNocWlhbnhpbm4udGsAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAXSG9zdDogd3d3LnNocWlhbnhpbm4udGsAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA8AAAANAAAABQAAAAhfX2NmZHVpZAAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
14080
-
polling_time
21710
-
port_number
2096
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFpNlYWDh8JSplLhLhe7/rOMTPeqMHd6I+c+my9zIGFHogVunosmcA0uAQJodCcp6p0iy4KxogI5rUs7D1vIAllM3VVp8Ntr9obu2ijOdziDjtjxWW12b2GlP1qGg73+8PAmX0CAQi66F6axF9cVA44FmmpeHlUnoeUWQc8Cm1oQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jqueryjs/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/101.0.4951.67 Safari/537.36
-
watermark
426352781
Targets
-
-
Target
0a9f32d40fc1f0c6b93431e0ce76ff62.exe.vir
-
Size
218KB
-
MD5
0a9f32d40fc1f0c6b93431e0ce76ff62
-
SHA1
fe2c3c1a25e57f520c03817a40f0ca950b2a3a9f
-
SHA256
5e6e9956ffee58bc7ac7d367f4bbbc145837404cda32214b95e568199c0218fe
-
SHA512
124e39a8a738f592f3bf85e0e423cabe787bebb927126e2a698e157f248ee9866ce230313ad0d567021f1e54e0b45410c62f05df743d6011e5e5156465239951
-
SSDEEP
6144:3EEgnYUdH/L8MBorobkk8MO20Fz36RNzxMCR:0+Udfposbkk8Q0Fz367xMCR
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-