General
Target: Copy of artifact.exe
Size: 14KB
Sample: 230406-w8n2zsgd5w
MD5: 32b32ee67296424e3de3d405811e43f0
SHA1: a075f96e2a91b7d9365682c20445f5be6ba7fa7a
SHA256: 7a8e1bddb3ded70bd5b084b0e1696ce713ed6f5b13ac3dd74ab5d22fb2d7b021
SHA512: 6064bf460ad571db47af44d301e337e904e43f07028c1990b3b33016dea92fef9035b756f85af8858b33df6e7f489fb1e1c981840b9ae1265603f3b769276582
SSDEEP: 192:hHCugRK83SxHn2OQ/dmBI4KBPwgir+xzzSx5pbqUqV/Qjo7AGa:pCxRKqbOCdWIVBPk+xzzSxTfCXAn
Static task: static1
Behavioral task: behavioral1
  Sample: Copy of artifact.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Copy of artifact.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: metasploit
windows/download_exec
http://43.139.19.125:8585/T8ld
headers: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
Extracted: cobaltstrike
305419896
http://43.139.19.125:8585/push
access_type: 512
host: 43.139.19.125,/push
http_header1:
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2:
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1: GET
http_method2: POST
maxdns: 255
polling_time: 60000
port_number: 8585
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /submit.php
user_agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727)
watermark: 305419896
Targets
Target: Copy of artifact.exe
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.