General
-
Target
245f38b4b8a25754bf6e630f8e2acf59.ps1
-
Size
280KB
-
Sample
230409-a8mm9sgb64
-
MD5
25da2ffacd07ebf65a6b822026dc376a
-
SHA1
b3823cc7dd589652b08ea661ce7e0fca14a4e09d
-
SHA256
485263958f6879d443576f50cf7e10e48e8c05b2826ee175d28244f1aba991a4
-
SHA512
36360c3a0739b283b41b41c0e45b83987e70e819cfa0d2e67775f7a062f387cfcba47f5280200a7968504ab90a0fcc3d79547b4212964f40b6956fb6a4a6e99e
-
SSDEEP
6144:gnHrLhifxGFbvmUoNwVn2rf/I3U5LWNZeT8rLgC5616A:gnhGxGV4NLfw3U5sGIBA
Static task
static1
Behavioral task
behavioral1
Sample
245f38b4b8a25754bf6e630f8e2acf59.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
245f38b4b8a25754bf6e630f8e2acf59.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
206546002
http://88.216.210.27:80/design/query/9X5M3SOE0F
-
access_type
512
-
host
88.216.210.27,/design/query/9X5M3SOE0F
-
http_header1
AAAACgAAADhBY2NlcHQ6IGFwcGxpY2F0aW9uL3hodG1sK3htbCwgYXBwbGljYXRpb24vanNvbiwgaW1hZ2UvKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlcy1kbwAAAAoAAAAcQWNjZXB0LUVuY29kaW5nOiAqLCBpZGVudGl0eQAAAAcAAAAAAAAADwAAAA0AAAACAAAABl9XR2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAADdBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24veGh0bWwreG1sAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGx2AAAACgAAAB1BY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5LCBicgAAAAcAAAAAAAAADwAAAAgAAAAFAAAACV9TVUpQTVdUWgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
8960
-
polling_time
93780
-
port_number
80
-
sc_process32
%windir%\syswow64\DevicePairingWizard.exe
-
sc_process64
%windir%\sysnative\DevicePairingWizard.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN5UAJbAA83lOuZlkNoqHDAdV1F7OJnqUiF3kD6mwuXzJzVpu9+f4l/QIUotuiQA+vvxdM3q/XGu77WogAe90LRUknEdoD6YnU32G/ts9dbSwG6HySt7cLn5B3FsomLWjBbssH9e31TihCUvZbK6PRzmLW4SBgZigBWLXZgu7+SwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
8.72947712e+08
-
unknown2
AAAABAAAAAEAAAOOAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/run/redirect/QD77MO6RQ
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 MVisionPlayer/1.0.0.0
-
watermark
206546002
Targets
-
-
Target
245f38b4b8a25754bf6e630f8e2acf59.ps1
-
Size
280KB
-
MD5
25da2ffacd07ebf65a6b822026dc376a
-
SHA1
b3823cc7dd589652b08ea661ce7e0fca14a4e09d
-
SHA256
485263958f6879d443576f50cf7e10e48e8c05b2826ee175d28244f1aba991a4
-
SHA512
36360c3a0739b283b41b41c0e45b83987e70e819cfa0d2e67775f7a062f387cfcba47f5280200a7968504ab90a0fcc3d79547b4212964f40b6956fb6a4a6e99e
-
SSDEEP
6144:gnHrLhifxGFbvmUoNwVn2rf/I3U5LWNZeT8rLgC5616A:gnhGxGV4NLfw3U5sGIBA
Score 10/10
-
Blocklisted process makes network request
-