General
-
Target
域系统密码(会有风险提示,运行即可获取).exe
-
Size
17KB
-
Sample
230621-v9veqaaf73
-
MD5
f1b511dd44ff6d6166b176fb1c1e4165
-
SHA1
73c6b808926a9178e1a0f65e91de1278acf2a0e9
-
SHA256
b19cba6aa2a44eec571ba256fcea6fdd1d0743178961fa7558adc2a7d4220573
-
SHA512
ff13a66d347f5c193404a1257647d437823aa8beacae58237b451de6c1b6698e08ee7a399d8ef31203e1a2e03785848e1cdc57cbf7b89459e5aa7fa5b1438f2a
-
SSDEEP
192:QDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH40mC1pNW7lo3BUbOj6kxiY:QDMAoKz6WtKEj7aBDiBmC19bAY
Malware Config
Extracted
cobaltstrike
http://111.231.24.230:54322/ln5N
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
Extracted
cobaltstrike
666666
http://111.231.24.230:54322/load
-
access_type
512
-
host
111.231.24.230,/load
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
54322
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbrnuM6y9HSf6uBMig/TGmPPNFJ/FbwUyeQ1a9ycFth1dYX/TdBOwqRjNeRIaR53qIINWE8B058kkUetRGU0pQOSA9Befw1i2Bnlh5eFmcuA6DkA1+6ZvcRo440CxUtaftky/zXqxzvnYBRLgICj5vMqnVjQAnEaL3ukYY5w6rYQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
-
watermark
666666
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
域系统密码(会有风险提示,运行即可获取).exe
-
Size
17KB
-
MD5
f1b511dd44ff6d6166b176fb1c1e4165
-
SHA1
73c6b808926a9178e1a0f65e91de1278acf2a0e9
-
SHA256
b19cba6aa2a44eec571ba256fcea6fdd1d0743178961fa7558adc2a7d4220573
-
SHA512
ff13a66d347f5c193404a1257647d437823aa8beacae58237b451de6c1b6698e08ee7a399d8ef31203e1a2e03785848e1cdc57cbf7b89459e5aa7fa5b1438f2a
-
SSDEEP
192:QDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH40mC1pNW7lo3BUbOj6kxiY:QDMAoKz6WtKEj7aBDiBmC19bAY
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-