General
-
Target
9b570603035afe928824e50b04cd7f2ef91240dbd7a03bf056e202b9e7193896
-
Size
22.7MB
-
Sample
230324-w9qbfage88
-
MD5
1f0b80e67abd8668aad53e392698bac9
-
SHA1
070c8532f90178dcbf0e2a60bf919fc7acff08ea
-
SHA256
9b570603035afe928824e50b04cd7f2ef91240dbd7a03bf056e202b9e7193896
-
SHA512
528bccb89a3cb46ee21f29b1beeeae24b1f5117ac237ea4258cefee582ac37c78d25809c6d0d89834dd8d5e38835293b6e4ee79836e78c6938fd38b0441b97cc
-
SSDEEP
196608:30sKQ/WwVjXM4y33/hXJVBtnRVRW4kngMHGE:NKQRjJ+rVBtRHE
Behavioral task
behavioral1
Sample
ApiClient.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ApiClient.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
msvcp140.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
msvcp140.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
setup.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
setup.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
vcruntime140.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
vcruntime140.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
vcruntime140_1.dll
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
vcruntime140_1.dll
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
Watermark (licence ID): 838968285
C2: http://d2oca100euqhv5.cloudfront.net:443/client-portal/insight — a CloudFront-hosted host on port 443; the extractor prints an http:// scheme, but port_number 443 and beacon_type below suggest HTTPS, so treat the host, port and URI paths as the indicators rather than the scheme.
-
access_type
512
-
beacon_type
2048 (0x0800). Note: several 16-bit fields in this extraction — access_type 512, beacon_type 2048, year 256, jitter 8448 — look byte-swapped; read in the other byte order they become 2, 8 (HTTPS), 1 and 33, which are the usual Cobalt Strike values. Confirm with a second parser before relying on these numbers.
-
host
d2oca100euqhv5.cloudfront.net,/client-portal/insight
-
http_header1 (base64-encoded malleable C2 transform for the GET channel; it decodes to `Accept: */*`, `Connection: Close`, the prefix `JSESSIONID=` and the header name `Cookie` — the beacon metadata appears to be carried in a `Cookie: JSESSIONID=...` header, which is a useful detection pivot alongside the URIs)
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAMAAAACAAAAC0pTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (base64-encoded malleable C2 transform for the POST channel; it decodes to `Accept: */*`, `Connection: Close` and the string `id`, presumably a URL parameter carrying the session id — verify against the decoded profile)
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAgAAAANAAAABQAAAAJpZAAAAAcAAAABAAAADwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
8448
-
polling_time
30000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32x.exe
-
sc_process64
%windir%\sysnative\rundll32x.exe
(Note: `rundll32x.exe` is not a standard Windows binary name — the stock Cobalt Strike spawnto is `rundll32.exe`. A process with this name launched from syswow64/sysnative, with no such file on disk, is itself a hunting lead for post-exploitation jobs from this beacon.)
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCtI7P7EjdUTdb6ydcLvYfljr7MaP9stUdClJpVGaGdTFUh+8PKhNqh1bhQDaBQn3e+kWHKt+34pzVvPAdWaiBhVyPtIfIZrti0oraKW1PWo3E7pVECrpOIzlz9CR/JkvdYTHpGNp42C6b0wj0dh43WZtn6aRGGUgXC38oqsUImwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.711296e+07
-
unknown2
AAAABAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/client-portal/ping
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 (a stock Chrome 105 string, not distinctive on its own; combine it with the host, the `/client-portal/insight` and `/client-portal/ping` URIs and the `Connection: Close` header pattern when writing network detections)
-
watermark
838968285
-
year
256
Targets
-
-
Target
ApiClient.dll
-
Size
236KB
-
MD5
857b1f7cfd086a2fd24b978712eb8380
-
SHA1
bb73a0c41e9064e424c2b5b8cd84c368d1cc9179
-
SHA256
55ce30aa67d0aa7068d01036c4d267eea9ef36315c674fca4458aa0b3d2bd67e
-
SHA512
5e43dea1414e72e35886b1a9b190072cbb2879987d5c37eb7ca3b4bf5a54229d78c933b3d478e6ebf065c34096a8adbed95b16e91755e069e2cfe3c9c5dedc6d
-
SSDEEP
6144:oWpFcAT3+H+vWvSn6wmSFAIQBBohcc56XW:riAT3+HnS642BBoqfXW
Score3/10 -
-
-
Target
msvcp140.dll
-
Size
552KB
-
MD5
cb75d6437418afe1a7b52acf75730ff1
-
SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56
-
SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8
-
SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6
-
SSDEEP
12288:P/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z9y5QEKZm+jWody:XN59IW6z9OQEKZm+jWodEEYZ
Score3/10 -
-
-
Target
setup.exe
-
Size
21.5MB
-
MD5
9d311899c431152ceaa676c81c656d9f
-
SHA1
6b64bf51869662caeca104254113678bb0ccf96f
-
SHA256
7285efae50a67581e0748960f1800fd97a58945d95344a39985f22fd3d6bfb0b
-
SHA512
91e4b86285b06c71afaa58acb6f2cea2d9222d30ee3c2993987b74b4205eb45147659930f54ac990438aca93a69576838b8c24d57b78bb89b9e555856d8adf13
-
SSDEEP
196608:MKQ/WwVjXM4y33/hXJVBtnRVRW4kngMHGG:MKQRjJ+rVBtRHG
Score10/10 -
-
-
Target
vcruntime140.dll
-
Size
371KB
-
MD5
ac5f699d4ea4a05d5c8027f31fd1b511
-
SHA1
ad3f17abcbe3a5bb824e8f700adfa49d1822b1ce
-
SHA256
55ddd290b0b373e875c0482548a8ddc0e0cb2fad34024146cffddb89657914c1
-
SHA512
624cb512066b2a00701a14db9595d2d61b9438eb1f7c138e08e97178320cb73402ce7001b855e949d33b61c14484e06c2ef3b453f5655d5beaf623cbdfa94f4a
-
SSDEEP
6144:cTZ+TCHgeecbKF0FpbmGWF5PBpj3FEOr6BeJetJXYwSA3M9Z/xN9di46bgjYBgTT:cTZ+ZDG4NezDt5XtcvxN9div0Y2f
Score3/10 -
-
-
Target
vcruntime140_1.dll
-
Size
36KB
-
MD5
7667b0883de4667ec87c3b75bed84d84
-
SHA1
e6f6df83e813ed8252614a46a5892c4856df1f58
-
SHA256
04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
-
SHA512
968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
SSDEEP
384:5InvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbmuncS74GdWrUKWj14gHg:dCm5yhUcwrHY/ntTxT6ovR7VxIV1z
Score3/10 -