General
-
Target
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32
-
Size
274KB
-
Sample
230810-bbm37sac2t
-
MD5
aa9fe7ed52375aef4a7d57c7c3485471
-
SHA1
3cc43b555a69748b73a11ac322fc16864b7263d3
-
SHA256
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32
-
SHA512
a20d04aac9f3315e69cbf8ce8e5cbef40bfc29422872cb1eb87e59f34f3b179fb002fb40680dc92db761de34ad23e7e5fc20f8b8c27355af073224221b46472c
-
SSDEEP
6144:3yU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2A9Ik5U0rKM:3Rp/OjHv4Kk1jNwauNe1wOTv2APU4
Behavioral task
behavioral1
Sample
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32.dll
Resource
win10v2004-20230703-en
Malware Config
Extracted
cobaltstrike
674054486
http://thetechnicalassistant.com:8081/tab_home_active.html
-
access_type
512
-
host
thetechnicalassistant.com,/tab_home_active.html
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
56520
-
port_number
8081
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCP19RZVXo8sGBdd9gGAU1Ae6pErAa+VEJZUdCqYSIFDMRi8d1GCSq9/24HJyQxitaEVM2cL4D2CoXRiT+dgEc1ldO9efJ2hphJVFpU+EhnLOOGobdr9BsbiHAMJpwLMV9WO9IQrbjV38WmBDMAcAHSSePzYcTOWw0O+B2qM07BjwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/sm
-
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
674054486
Targets
-
-
Target
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32
-
Size
274KB
-
MD5
aa9fe7ed52375aef4a7d57c7c3485471
-
SHA1
3cc43b555a69748b73a11ac322fc16864b7263d3
-
SHA256
5b324bc483ebfecddae3bcd1cc80bf1565e2a13d7fe9368f7b6e5fd3fc336b32
-
SHA512
a20d04aac9f3315e69cbf8ce8e5cbef40bfc29422872cb1eb87e59f34f3b179fb002fb40680dc92db761de34ad23e7e5fc20f8b8c27355af073224221b46472c
-
SSDEEP
6144:3yU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2A9Ik5U0rKM:3Rp/OjHv4Kk1jNwauNe1wOTv2APU4
Score: 1/10 (note: despite the low sandbox score, a Cobalt Strike beacon configuration was extracted from this sample — see Malware Config above)