General
-
Target
ae73d9340a495f4dcae63f042a0bf781.exe.vir
-
Size
2.0MB
-
Sample
230322-rxk4qshc87
-
MD5
ae73d9340a495f4dcae63f042a0bf781
-
SHA1
0ef080138ec43b945210ffa039888b5f3ee7c7df
-
SHA256
57a73ff0c065ccf8cd111195c53e8174f01de06cde2db1a6afff5ba05b07e743
-
SHA512
d350b52f8d628cd3ec91438c98e7d3873c064c77c7b3ac61e5a5d7b57899c455b48960b40d73c8459009c069a84cc8c84537716f66b7e03607327ade2b2bcc52
-
SSDEEP
49152:ydM8vBhkWxEDzA79QBHsxpqxBzUzgG69FInxkA9:ydtDkbMB2Hsxp4zULjT
Static task
static1
Behavioral task
behavioral1
Sample
ae73d9340a495f4dcae63f042a0bf781.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ae73d9340a495f4dcae63f042a0bf781.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://116.204.74.236:80/dfOD
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)
Extracted
cobaltstrike
666666
http://116.204.74.236:80/cm
-
access_type
512
-
host
116.204.74.236,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFh2vsbNIuBd07eY/0VVMSEMrHlL77bTjzfSST0xtd9x4ymuPaamotzxKtobkYLcADOgRWoilXX4+5BXNiMS6YSLsQlOtlDUjT77n2m0ywylqPGhvnjKY3yCOVLd5hrASVjV8hP573TjdjtPAgWHZydbn0ofLFrFeTAVrrh7teRwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)
-
watermark
666666
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
ae73d9340a495f4dcae63f042a0bf781.exe.vir
-
Size
2.0MB
-
MD5
ae73d9340a495f4dcae63f042a0bf781
-
SHA1
0ef080138ec43b945210ffa039888b5f3ee7c7df
-
SHA256
57a73ff0c065ccf8cd111195c53e8174f01de06cde2db1a6afff5ba05b07e743
-
SHA512
d350b52f8d628cd3ec91438c98e7d3873c064c77c7b3ac61e5a5d7b57899c455b48960b40d73c8459009c069a84cc8c84537716f66b7e03607327ade2b2bcc52
-
SSDEEP
49152:ydM8vBhkWxEDzA79QBHsxpqxBzUzgG69FInxkA9:ydtDkbMB2Hsxp4zULjT
Score10/10-
Suspicious use of NtCreateThreadExHideFromDebugger
-