General
-
Target
cs.ps1
-
Size
224KB
-
Sample
230403-1w8yvahb4v
-
MD5
fe23dd4aca8501992dc0bf752173fec5
-
SHA1
0b89835536671fd7c983e88547dedca313aff065
-
SHA256
5c3fc55388967216e5eda977151f0f85c5456124c4e98b08b0bafd83f4d023ff
-
SHA512
0e0324217e479f6c0373575ac3695e4aa083b87bef4eb3003ba41f03ec076ccf68b047788162c268ff3bcf74f4b027ce97df4ccd56a20cf5a0748eb2754255a0
-
SSDEEP
6144:qQKKwu8nhXHwYc7QgPj1LSaF1Pl+qtT4i8z9Bv2E0T:qKwdFS7QEX1d+q94PsEi
Behavioral task
behavioral1
Sample
cs.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cs.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
100000
http://159.65.62.10:443/rs.js
-
access_type
512
-
beacon_type
2048
-
host
159.65.62.10,/rs.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
60964
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA8mnkk8UmUDunpetKUKs43ZhEnX4qr4SaxEMjNs6lBAJtrtkRAO5++OvmT0XevR2LTRQVlkEtqxxrx5GYrEgEg4Vejhv8ys8UuoxA2U4pt1OQdzB+VSg9RVgYiaZ0PVZ8KEPrTBohxRIRZRZvo2/TSo1lZGdaAKB36IfG/jMuXQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.445101824e+09
-
unknown2
AAAABAAAAAIAAANxAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/link
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
-
watermark
100000
Targets
-
-
Target
cs.ps1
-
Size
224KB
-
MD5
fe23dd4aca8501992dc0bf752173fec5
-
SHA1
0b89835536671fd7c983e88547dedca313aff065
-
SHA256
5c3fc55388967216e5eda977151f0f85c5456124c4e98b08b0bafd83f4d023ff
-
SHA512
0e0324217e479f6c0373575ac3695e4aa083b87bef4eb3003ba41f03ec076ccf68b047788162c268ff3bcf74f4b027ce97df4ccd56a20cf5a0748eb2754255a0
-
SSDEEP
6144:qQKKwu8nhXHwYc7QgPj1LSaF1Pl+qtT4i8z9Bv2E0T:qKwdFS7QEX1d+q94PsEi
Score 10/10
-
Blocklisted process makes network request
-