General
-
Target
Novo Documento de Texto.txt
-
Size
2KB
-
Sample
230405-vfmg1sgb45
-
MD5
e5d034552759bd4037a70b5feee1da62
-
SHA1
f83de566a87e80cac8a341b5f940d35e850db3bd
-
SHA256
816a3190974e97c934dc216fa45c0586c50e49484399110342244ab5b617abe4
-
SHA512
4c6e27e43d398a61f2278c4ee80e8fb94fc730b8df6b072cd7e90a144dd6730a66e1edf6405f75d04d7cc719b25bf499e7cdb8a2098ae57e30410c4284e7642f
Behavioral task
behavioral1
Sample
Novo Documento de Texto.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Novo Documento de Texto.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://195.123.241.193:80/interpret/ct/YXNNJEPFEK8
-
user_agent
Accept: application/json, application/xhtml+xml, application/xml Accept-Language: fr-ca Accept-Encoding: *, br User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Extracted
cobaltstrike
391144938
http://195.123.241.193:80/study/v9.24/F6J9IA6H
-
access_type
512
-
host
195.123.241.193,/study/v9.24/F6J9IA6H
-
http_header1
AAAACgAAADhBY2NlcHQ6IGFwcGxpY2F0aW9uL3hodG1sK3htbCwgaW1hZ2UvKiwgYXBwbGljYXRpb24vanNvbgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlcy11eQAAAAoAAAAfQWNjZXB0LUVuY29kaW5nOiBnemlwLCBpZGVudGl0eQAAAAcAAAAAAAAADwAAAAsAAAACAAAAJFJZX1BISUc2WjA2NUk4Q05IM1NXMzBaWFk1T1ZLTkRUWDlKPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAADlBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24veGh0bWwreG1sLCB0ZXh0L2h0bWwAAAAKAAAAE0FjY2VwdC1MYW5ndWFnZTogdmUAAAAKAAAAHUFjY2VwdC1FbmNvZGluZzogYnIsIGlkZW50aXR5AAAABwAAAAAAAAAPAAAACAAAAAUAAAAJX0pQT0xBQlNUAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
5000
-
port_number
80
-
sc_process32
%windir%\syswow64\w32tm.exe
-
sc_process64
%windir%\sysnative\Locator.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaocmOMmJuFkYoayAIfroEt1z9ziv66pGDDglVGIwoG4T7Cyvw4iLmRfS80OwkwbfSPJ5sypACc42pwhjqPQiCP7z5Zsk0RePmmVqpDq1+pxQ/VI7wEMGKBVKjWz3WCLPYbdPm3Z1VlObaqjFY4zGnsi/HmGR4eon7BqFNevBRPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
8.72947712e+08
-
unknown2
AAAABAAAAAEAAAOOAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Update/v10.7/G5BOA7UF
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
-
watermark
391144938
Targets
-
-
Target
Novo Documento de Texto.txt
-
Size
2KB
-
MD5
e5d034552759bd4037a70b5feee1da62
-
SHA1
f83de566a87e80cac8a341b5f940d35e850db3bd
-
SHA256
816a3190974e97c934dc216fa45c0586c50e49484399110342244ab5b617abe4
-
SHA512
4c6e27e43d398a61f2278c4ee80e8fb94fc730b8df6b072cd7e90a144dd6730a66e1edf6405f75d04d7cc719b25bf499e7cdb8a2098ae57e30410c4284e7642f
Score 10/10
Blocklisted process makes network request
-