General
-
Target
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406
-
Size
257KB
-
Sample
230811-jtfqvabg36
-
MD5
f4ca1fefe222bcb48b12f8cb0a2288e5
-
SHA1
d1cbfb683f53b92b6c6268b94a52c6efb1547e5d
-
SHA256
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406
-
SHA512
bc83a5740357758937b44a03f0fd5267c979b69ff0a42544f5600bccf2404552aacc98f0c8e92bd3f1a1ddbb46a9a01ee8ac1ae5c278c6e9867d942c1b2cfde6
-
SSDEEP
6144:RsYwjwIGIprrJweGTIDjhOTRryQ8js5Q:RE/nweh5Q8
Behavioral task
behavioral1
Sample
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406.dll
Resource
win10v2004-20230703-en
Malware Config
Extracted
cobaltstrike
999999
http://99avip.online:443/c/msdownload/update/others/2016/12/29136388_
-
access_type
512
-
beacon_type
2048
-
host
99avip.online,/c/msdownload/update/others/2016/12/29136388_
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAA0AAAABAAAABC5jYWIAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAgAAAB1kb3dubG9hZC53aW5kb3dzdXBkYXRlLmNvbS9jLwAAAAYAAAAESG9zdAAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfi5qZR4wnmlYmM2PTPrePXNb0rCe0kT7JM82iUiI4RiJxkr3LbyBFpcetYHdXqKH+TDNYbwlmR+ufGrfAWdgonmBT5A2gOE9ToD3Pp2RvUbX8P3PkTFVrMmSGW0+PRNHo0uAMeqMMJ+vdL45HizziWYZuCt4Riax//5iqDUmyGQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/c/msdownload/update/others/2016/12/3215234_
-
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
-
watermark
999999
Targets
-
-
Target
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406
-
Size
257KB
-
MD5
f4ca1fefe222bcb48b12f8cb0a2288e5
-
SHA1
d1cbfb683f53b92b6c6268b94a52c6efb1547e5d
-
SHA256
d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406
-
SHA512
bc83a5740357758937b44a03f0fd5267c979b69ff0a42544f5600bccf2404552aacc98f0c8e92bd3f1a1ddbb46a9a01ee8ac1ae5c278c6e9867d942c1b2cfde6
-
SSDEEP
6144:RsYwjwIGIprrJweGTIDjhOTRryQ8js5Q:RE/nweh5Q8
Score3/10 -