General
-
Target
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
-
Size
549KB
-
Sample
230626-etd5sshc6w
-
MD5
4e4db89841979de3205906411986b07d
-
SHA1
74d600fc823f74b6468cb741062ee5012761aeff
-
SHA256
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
-
SHA512
504ecb874c9d070b39081256c543a04b4ec12ba405ecbbff8fe670d364140fad4814fb7648e99f608a4a1d720a644882d28a8931db6eeb54abb611d697db9cd9
-
SSDEEP
12288:cd87Nw1UbxnttI2kszbBu7ahyOzcp64y90:zw1UbxttPkR9+cp64y
Behavioral task
behavioral1
Sample
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
cobaltstrike
0
http://potasip.com:443/Inform/v8.71/V6PGG8YFP
-
access_type
512
-
beacon_type
2048
-
host
potasip.com,/Inform/v8.71/V6PGG8YFP
-
http_header1
AAAACgAAADhBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL3hodG1sK3htbCwgYXBwbGljYXRpb24vanNvbgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlcy1lYwAAAAoAAAAjQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eSwgY29tcHJlc3MAAAAHAAAAAAAAAA8AAAALAAAAAgAAAB9zZWN1cmVfaWRfRlJCQ1JSOVlJNTFDUjZFQlNHUks9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACtBY2NlcHQ6IHRleHQvaHRtbCwgYXBwbGljYXRpb24veG1sLCBpbWFnZS8qAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IHJvLW1kAAAACgAAACNBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCBpZGVudGl0eQAAAAcAAAAAAAAADwAAAAgAAAAFAAAACV9DVEZHRUhNWgAAAAcAAAABAAAADwAAAAgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
12032
-
polling_time
65164
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe -k wksvc
-
sc_process64
%windir%\sysnative\dllhost.exe -o enable
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwmDPf5eB+sbbzIHFKmCvzkErU8dHYucVwhJGmnrc0pLHyO9XMovzcZjnua2lw3j0OsxmH0G7juEYW4tSxq09zkxRr0wdwtSY04hLW9OYej51HE45hVCMFlkHOs7GiuptveyvCx+q/ngSnLAcPkogNJ2Gzzp89PKI1sZljY+woOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.141448704e+09
-
unknown2
AAAABAAAAAEAAASeAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Annotate/v8.17/2PGIS0PDXLI
-
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36
-
watermark
0
Targets
-
-
Target
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
-
Size
549KB
-
MD5
4e4db89841979de3205906411986b07d
-
SHA1
74d600fc823f74b6468cb741062ee5012761aeff
-
SHA256
2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
-
SHA512
504ecb874c9d070b39081256c543a04b4ec12ba405ecbbff8fe670d364140fad4814fb7648e99f608a4a1d720a644882d28a8931db6eeb54abb611d697db9cd9
-
SSDEEP
12288:cd87Nw1UbxnttI2kszbBu7ahyOzcp64y90:zw1UbxttPkR9+cp64y
Score10/10 -