General
-
Target
t.exe
-
Size
281KB
-
Sample
230621-nw2hjsha36
-
MD5
4c05d37db42075a3ed99412a75c7b14d
-
SHA1
208db4d6ab1ec1220e372264d7da199cec52b5f1
-
SHA256
1b389560fdd34e176e08ef6960ce0bbd57983fc4cf87f7b6574e67bb16a88058
-
SHA512
222dff8706873d97cb1984bd8eb0829c87cf87c8ceb1e11a0e6902f7edef00c6a02f84f852c68466c2b34611af9e89f9c3e1bc661458d251ded84bc74bdd0109
-
SSDEEP
6144:JVLADC3D+munv6tEWEl1+vGwUimOYgbMYbIMUWFEnNOOGI:MDC39unv63ukwOY2MYblUaN
Static task
static1
Behavioral task
behavioral1
Sample
t.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
t.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
cobaltstrike
305419896
http://195.133.11.16:80/push
-
access_type
512
-
host
195.133.11.16,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCRtsLPnQ51IYB57if5vZ7Md86YgSJ66rLm+CyDoWfePF0vA1VMk35Dikh8DFWinaoZzWEgia6ZTDaN/U7or9tvzpHK64CzDVPGB+1gO4dElN+xdz6hcKrf7DxpGzrJ1Ga56TCplac1UX/x7wbipl+jwtdrB4B8NVWBa2sZroRWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)
-
watermark
305419896
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
t.exe
-
Size
281KB
-
MD5
4c05d37db42075a3ed99412a75c7b14d
-
SHA1
208db4d6ab1ec1220e372264d7da199cec52b5f1
-
SHA256
1b389560fdd34e176e08ef6960ce0bbd57983fc4cf87f7b6574e67bb16a88058
-
SHA512
222dff8706873d97cb1984bd8eb0829c87cf87c8ceb1e11a0e6902f7edef00c6a02f84f852c68466c2b34611af9e89f9c3e1bc661458d251ded84bc74bdd0109
-
SSDEEP
6144:JVLADC3D+munv6tEWEl1+vGwUimOYgbMYbIMUWFEnNOOGI:MDC39unv63ukwOY2MYblUaN
Score10/10 -