General

Target: http://198.148.118.129
Sample: 230323-yk9d5ahg74
Score: 10/10

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://198.148.118.129
  Resource: win10v2004-20230221-en (windows10-2004-x64)
  16 signatures, 600 seconds
Malware Config

Extracted
Family: cobaltstrike
C2: http://naporiz.com:443/image-directory/admin.gif
Attributes
user_agent: the extracted value is the beacon's full HTTP request header block, not only the User-Agent string. Note that the Host header (taobao.com) does not match the C2 host (naporiz.com), so a check that keys on the Host header alone will miss this traffic; match on the destination host, port and path, and on the User-Agent string, as well.
  Host: taobao.com
  Connection: close
  Accept: */*
  Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Extracted
Language: ps1
Source: URLs
exe.dropper: http://64.44.102.190/ngrok.zip
exe.dropper: http://nssm.cc/release/nssm-2.24.zip

Both downloads are legitimate tools rather than malware-family payloads: ngrok is a tunnelling client, and NSSM (fetched here from its own distribution site, nssm.cc) is a service wrapper that runs an arbitrary binary as a Windows service. Both archives are fetched over plain HTTP, the first from a bare IP host. Alongside a Cobalt Strike beacon, treat the pair as a persistence and remote-access setup rather than routine administration.
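The indicators above can be turned directly into a proxy-log check. The following is an added example, not part of the sandbox report: it parses the flattened header block from the Malware Config section back into individual headers, then matches constructed proxy log lines against the C2 endpoint, the beacon's User-Agent, the Host/destination mismatch, and the two dropper URLs. The log format (timestamp|client|dst_host|dst_port|method|path|host_header|user_agent) and the log lines themselves are constructed for the demo; the C2 URL, header block and dropper URLs are copied from the report.

```python
"""Proxy-log check built from the Cobalt Strike config extracted on this page.

Added example; not part of the sandbox report. The C2 URL, header block and
dropper URLs are copied from the report. The proxy log lines and their format
(timestamp|client|dst_host|dst_port|method|path|host_header|user_agent) are
constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Copied from the report's "Malware Config" and "Extracted ps1" sections.
C2_URL = "http://naporiz.com:443/image-directory/admin.gif"
HEADER_BLOCK = (
    "Host: taobao.com Connection: close Accept: */* "
    "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 "
    "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) "
    "AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9"
)
DROPPER_URLS = [
    "http://64.44.102.190/ngrok.zip",
    "http://nssm.cc/release/nssm-2.24.zip",
]

# The report flattens the header block onto one line. A header name is a
# token followed by ": " at the start of the block or after a space; that is
# how the boundaries between headers are recovered.
_HEADER_NAME = re.compile(r"(?:^| )([A-Za-z][A-Za-z0-9-]*): ")


def parse_header_block(block: str) -> dict:
    """Split the flattened header block into {header name: value}."""
    matches = list(_HEADER_NAME.finditer(block))
    headers = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(block)
        headers[m.group(1)] = block[m.end():end].strip()
    return headers


def _endpoint(url: str) -> tuple:
    """(host, port, path) for a URL, defaulting the port from the scheme."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return (u.hostname, port, u.path)


BEACON = parse_header_block(HEADER_BLOCK)
C2_ENDPOINT = _endpoint(C2_URL)
DROPPER_ENDPOINTS = {_endpoint(u) for u in DROPPER_URLS}


def classify(line: str) -> dict:
    """Match one proxy log line against the extracted indicators."""
    ts, client, dst_host, dst_port, _method, path, host_hdr, ua = line.split("|", 7)
    endpoint = (dst_host, int(dst_port), path)
    hits = []
    if endpoint == C2_ENDPOINT:
        hits.append("c2_exact")
    if endpoint in DROPPER_ENDPOINTS:
        hits.append("dropper_url")
    # The profile sends "Host: taobao.com" to naporiz.com. A Host header that
    # differs from the destination is also normal for CDN traffic, so on its
    # own it is only a weak signal; it is combined with the User-Agent below.
    if host_hdr.lower() != dst_host.lower():
        hits.append("host_mismatch")
    if ua == BEACON["User-Agent"]:
        hits.append("beacon_ua")

    if "c2_exact" in hits or "dropper_url" in hits:
        verdict = "malicious"
    elif "host_mismatch" in hits and "beacon_ua" in hits:
        verdict = "suspicious"  # profile fingerprint without the known C2
    else:
        verdict = "clean"
    return {"ts": ts, "client": client, "hits": hits, "verdict": verdict}


def triage(log: str) -> list:
    """Classify every non-empty line of a pipe-delimited proxy log."""
    return [classify(l) for l in log.splitlines() if l.strip()]


# Constructed sample log: a beacon check-in, the two PowerShell downloads,
# ordinary CDN traffic, and a beacon-profile request to an unknown host.
_PS_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) WindowsPowerShell/5.1"
PROXY_LOG = "\n".join([
    "2023-03-23T10:01:02Z|10.0.0.15|naporiz.com|443|GET|/image-directory/admin.gif|taobao.com|" + BEACON["User-Agent"],
    "2023-03-23T10:01:05Z|10.0.0.15|64.44.102.190|80|GET|/ngrok.zip|64.44.102.190|" + _PS_UA,
    "2023-03-23T10:01:07Z|10.0.0.15|nssm.cc|80|GET|/release/nssm-2.24.zip|nssm.cc|" + _PS_UA,
    "2023-03-23T10:02:00Z|10.0.0.22|cdn.example.net|443|GET|/static/app.js|www.example.net|Mozilla/5.0 (X11; Linux x86_64) Chrome/111.0",
    "2023-03-23T10:03:11Z|10.0.0.31|img.example.org|443|GET|/1.gif|taobao.com|" + BEACON["User-Agent"],
])

if __name__ == "__main__":
    for r in triage(PROXY_LOG):
        print(f"{r['ts']} {r['client']:<12} {r['verdict']:<10} {','.join(r['hits'])}")
```

The two verdict tiers are deliberate: an exact hit on the C2 endpoint or a dropper URL is conclusive, whereas the Host/destination mismatch is raised to "suspicious" only when the beacon's exact User-Agent accompanies it, because CDN-fronted traffic produces the mismatch on its own all day.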
Targets

Target: http://198.148.118.129
Score: 10/10
Signatures:
  Downloads MZ/PE file
  Executes dropped EXE