General
-
Target
Desktop.rar
-
Size
15.7MB
-
Sample
230329-rv6mnagf95
-
MD5
4647934c79c86c1bdc643a6af0c348b8
-
SHA1
ebeae1c2936e20b4e26000dbe0392b53b38e5005
-
SHA256
9a55a663051c0fa0834a6197322a80713b285eacb6d0181328733340e8c467bc
-
SHA512
396cf8bff06e96e60043832cd44b3fdbde960346cabc545faccd5b97b497b950f2ba952ed28f57291ffacc8b1bf1062d3993e822b0b56b4ca66996abbef05cf1
-
SSDEEP
393216:lUIfZTiu/u47R0nGW3Jd+uEcUOqBl9xIaYkl7:lfxiCu47mnlJd+9cUdx3j9
Behavioral task
behavioral1
Sample
26b961216d79f3e13ec3293d14803f63.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
26b961216d79f3e13ec3293d14803f63.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
d1c692cf0614c4e0a688cd3e87b78d12.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
d1c692cf0614c4e0a688cd3e87b78d12.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://www.teamcolors.xyz:443/common-1.8.0.min.js
http://192.168.179.128:80/ciGJ
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.teamcolors.xyz Accept-Encoding: gzip, deflate User-Agent: Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)
Extracted
cobaltstrike
100000000
http://www.teamcolors.xyz:443/common-1.8.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
www.teamcolors.xyz,/common-1.8.1.min.js
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAYSG9zdDogd3d3LnRlYW1jb2xvcnMueHl6AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAYSG9zdDogd3d3LnRlYW1jb2xvcnMueHl6AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA8AAAANAAAABQAAAAhfX2NmZHVpZAAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEFs7Cw2l72lQp/AU6vktMwZ2l6qvEa8HBynRbDw4z6BSkN1g9QRl/iT+Ej2R8r6weEJK/XjnucHPUBzKLZx6dbb3olGQlHjdnloi0+ZYhzGraCVl7ylhg0HB8UMyQUHQRInVGc3QFF5GVPAsDrRVG4m4DU7mZlNCzzGOBtbprqwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/common-1.8.2.min.js
-
user_agent
Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)
-
watermark
100000000
Targets
-
-
Target
26b961216d79f3e13ec3293d14803f63.exe.vir
-
Size
7.2MB
-
MD5
26b961216d79f3e13ec3293d14803f63
-
SHA1
4a66ef8df86737c73ac850579c7c1fcce6da0658
-
SHA256
13a2b8c0ad30490dcebe5c87f99dec68a5eeeea01d125819dc95f8197adfe1dc
-
SHA512
ce621f26a65e259fcaf40e6caab9ee16cea3a688728818f2825cd3a7c6c34604b5344affbfc88f669f2bd19d1372da0be8a6c5a570eb34a1671be2cc91edeb41
-
SSDEEP
196608:mnLaAXlwV5UuWJysVYvsO5+DIEVFKgd7aEO4o0Ncm:axl8WJO+DIEBd7Jg0Om
Score10/10-
Loads dropped DLL
-
-
-
Target
d1c692cf0614c4e0a688cd3e87b78d12.exe.vir
-
Size
9.0MB
-
MD5
d1c692cf0614c4e0a688cd3e87b78d12
-
SHA1
65756ca25f579f8c9896144d6315f590113a3927
-
SHA256
0a85b3109591406eb3f28ad604c8ca099a141612d51583a05757a41a894ec4e0
-
SHA512
ea5592fd011ebea66e7e0b7446e4006576106d1e8af571771e577e2a9e8854dcd9d7bfe2317383a6fd94372e770dd1671f87372d9598a3bdc8ee9437139dbb27
-
SSDEEP
196608:XpwZC6c45SyY+GOe42yOmL2Vmd6+Dfc/f/+SmpsEVRadR+yDp:5+nSyY+k4tOmL2Vmd6mfc/ebpnRiBp
Score10/10-
Loads dropped DLL
-