General
-
Target
Desktop.zip
-
Size
22KB
-
Sample
230619-p5ycxsfa61
-
MD5
ed8a7b422fc9604b4ae40f230262eabf
-
SHA1
d418f4c6c2e16c3c78c3207ad602dea1d87425ad
-
SHA256
d187a04785a352207caa540ae530d4f3fcdb4b7b04672a6941a48fde82440521
-
SHA512
71b6b2f114df27409d1ece4863e774b0770862c956abf595da77eb69d7e3517c82dcab6ff58fe74f573fdc8d8a0fe89bc9fa1e07f0f38ae3126f578b431d027c
-
SSDEEP
384:rI6w8QzQln0TLCtMmh0uJHccH6HmPx3PoyfBpGBMIG0g+bCtO+N8Un0iNw:rIXzJTLCtMTQ8cH6HmdwQBpGCF9oK1n4
Static task
static1
Behavioral task
behavioral1
Sample
923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
metasploit
windows/download_exec
http://123.60.165.221:8099/vue.min.js
- headers User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
Extracted
cobaltstrike
305419896
http://123.60.165.221:8099/api/getit
-
access_type
512
-
host
123.60.165.221,/api/getit
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
3000
-
port_number
8099
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/postit
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
-
watermark
305419896
Targets
-
-
Target
923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9.exe
-
Size
27KB
-
MD5
8ce3ebb06ec70ab510c439e70cb7327f
-
SHA1
96cd8bb2ccd49e5ebcec618d45fb6d38536019a6
-
SHA256
923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9
-
SHA512
e67bf0766ad0dcfc9e8907832c5d87f1abaf5d99378f0b27f59d0859d8e6a255b2f2022d63657e29a53935d06da1610b0745fa6c2ca6a1314b59cdcd9e80a2c1
-
SSDEEP
384:aEsivReRS824N8WNTs7J1ifgHA1rGc4ltLT71E:oivReRSUN8es7bifgMWPT71
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
-
-
Target
c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c.exe
-
Size
27KB
-
MD5
785cd8fac4b5e733058c687635ae3a08
-
SHA1
22bc377bb2f3473288fe2c43ea3c0801052040c5
-
SHA256
c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c
-
SHA512
3b65ba8105ef6a9639b44c5e7ed6bcf641aaaf60119047ea0eae7561a514a2e82f7ce00a5208a1640dd47c3627b090b1d2b0fef6cc966f99e40ae64c503a7ea5
-
SSDEEP
384:wR2e+Sws1NUJmcLJ1i3gHA1rGcTltLT71:wR2e+S7NU8cLbi3gMNPT71
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
-
-
Target
d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243.exe
-
Size
27KB
-
MD5
980020f085752b1f64b3d4ac8d3d630b
-
SHA1
ae1759e28753301ee4b761ca7f1d25166d60661f
-
SHA256
d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243
-
SHA512
0c3cbb7b2d16b1c7785edf3501c178a1f02fa434ce92f12be834ab4f74ffcf671da4810139de885ef614127b56a1c097e9c11be8f98f50eb4ea80faea8c8a950
-
SSDEEP
384:CEsivReRS824N8WNTs7J1ifgHA1rGc4ltLT71E:wivReRSUN8es7bifgMWPT71
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-