General

  • Target

    26X.rar

  • Size

    35.5MB

  • Sample

    230815-pjzzmaaf78

  • MD5

    5b1a994fa9b74100d5d7ec5f3eb985ae

  • SHA1

    2e3368f3c70a3088873619a60d9e2842b2fe2feb

  • SHA256

    d8fee2bf8afc2a4142b71d0410294967c95ea76f8cee3989082b6a8c43d30d3e

  • SHA512

    0302ee5be447865e4030f1c71ea2b6c9be6d43f0851d95427ce672aec7f4eed15a53bff20fdd4ce3136837a54ccf340ca10d4cc8638ed035472904c30a163161

  • SSDEEP

    786432:ZqJhTDch6TrXqcV2cYqYrFJ1VXpPy+UeJnRFwHWuOQoV40Mf:WchiXqE2H1rFJHE+U070WLxFw

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://123.125.34.14:443/dist/css/bootstrap.min.css

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    123.125.34.14,/dist/css/bootstrap.min.css


  • http_method1

    POST

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    10000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\svchost.exe -k netsvcs

  • sc_process64

    %windir%\sysnative\svchost.exe -k netsvcs

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPrS+p8TjZ0V+VnHnpKUEbFOoNZVDS1a4CIeZLMhnmq0yABBqzTjBeiAykCIIapbRDCx//gAwExv5xNAEa/Bg1X++EHiNWhYteCYuIQosp31rfzPcWBl742Jb8iKVhW/6SOqPtOndbB9/3uUjR64g5iXYcfPpTCKhRKCTRrVaMNwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.462927616e+09

  • unknown2

    AAAABAAAAAEAAAAtAAAAAQAABsMAAAACAAAAFAAAAAIAAAA1AAAAAgAAACwAAAACAAAAJAAAAAIAAABLAAAAAgAAC6IAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /dist/js/bootstrap.bundle.min.js

  • user_agent

    Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+

  • watermark

    391144938

Extracted

Family

cobaltstrike

C2

http://82.156.153.122:11111/FYtJ

http://jtexpress.life:8443/XJaZ

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://captcha.jincheng4917.cn:443/api/v3/account/login/qrcode/scan_info

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    captcha.jincheng4917.cn,/api/v3/account/login/qrcode/scan_info


  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    10000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCob32D6dU7qf8KsvLx4JyS8MajH6r5XxxUGWimNofk3p24qhCyqt/qQUZl35HA+fx/SymsU4nBxfFuzrUTuIzhUMyORCOQhg/iSPEYp1QmcvMwJzq4MRCv602qRPfjB/bxHwNbQntqJeHROMhe/ULHfWcQk18WxtJldbkEKPt3XwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    8.44502272e+08

  • unknown2

    AAAABAAAAAEAAAAkAAAAAgAAALYAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/v3inv2/za/logs/batch

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.3600

  • watermark

    100000

Extracted

Family

systembc

C2

ar.undata.cc:5320

ar1.undata.cc:5320

Targets

    • Target

      26X/1.exe

    • Size

      892KB

    • MD5

      43ad71380dbd593b3f5c4838fccebaf3

    • SHA1

      c202811f65340def332180a1f4dd99abd4fe7035

    • SHA256

      0a2b307d14bb4aeac1a612092b7a85d7de2652dfe5e45db1e6a76a8a13b01400

    • SHA512

      9ab3fe15509666a22e0c57a80a58e84a9971e8a66a1a2dc54da99d65c6edf5bdcb91cce40d88236a51018f44bb81d0db8e733b206cbe7833e77155080eb897ed

    • SSDEEP

      12288:0GWqBEn0QA2eitdhpFuUdPpOQYHna4boKX+eyyAXpX8523j8qxWcy7sm4Gp2:0GWqBXQA29t+s4a4boKX+9pXCqxWEGp

    • Target

      26X/11.exe

    • Size

      3.9MB

    • MD5

      d1751a1411426372e372347e59cd9c77

    • SHA1

      cbbcca500101916daeaf0bcd7d2f9f7b57294c67

    • SHA256

      e7108827841a79e82b3ed9f3e54a628f380560c618e0a3769240c2eaec143e54

    • SHA512

      74f799555e925dcd72d5308fe0be9e704ce9758b3b1126333bb7d71dcfaf07445131d23a29258cd7310b91679712a54fd561d071b50dca6a4a44d9258b81aaf1

    • SSDEEP

      49152:Kgh98D4xlsAOPmUIkUI8RUyvhoDCfVC0fLqaNl1XvGTx/S5rcWWBXNO:ga71fUO

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      26X/12.exe

    • Size

      6.2MB

    • MD5

      3ddaf96b1d296c2e7e8b1671805fe937

    • SHA1

      b6983c8c520b8e71c632d6452aa17f7cabed1313

    • SHA256

      28296eca6b91c94efb4cdf87e0eace2cc1db8aac8dd3b68f442983cae5c090b4

    • SHA512

      c1576148d386e7dcd3dba7c531ced4a129f9fb6ffde9cec4c71da6b452525257640a5bda6650843b04be8983602efdbbd00674c3b255c680c4757a8effb59986

    • SSDEEP

      196608:q9EbGXkWkICteEroXxCzlxZV3Gu5D4S26/CS3U0U:YESkInEroX414S260p

    Score
    7/10
    • Loads dropped DLL

    • Target

      26X/13.exe

    • Size

      5.4MB

    • MD5

      92dd6b5b80106f1aaa3c11864e654baa

    • SHA1

      d2a76d5de5d016903640d169b486c7ccbe55e4d0

    • SHA256

      330419773ab7d0a48986ceb4c642da85436073c3f28426f27be117563c5eea5f

    • SHA512

      f38f798548d3ce2d9505292a7ea2240f6269f3595aa4d1a618233dc9d893b164bfadea59ae97fd2744df6761cb92c56e84b3ac6bc20e4f75cfc4b7b21e160e2f

    • SSDEEP

      49152:sb+VASG3UyPrb/TyvO90d7HjmAFd4A64nsfJFYggHxp5jZDBz3Y7nhE+dRLojW3k:G3Uyy7ZBqfdKy3E2Bq/

    Score
    1/10
    • Target

      26X/14.exe

    • Size

      51KB

    • MD5

      4890d8ddb20b50c182ec2187f8847f17

    • SHA1

      19675a665c8e91410a36a80ecfdda36004024192

    • SHA256

      a9cb24a239d8155c0b300393f24f8bf73b49949a72df26b8133647d74f8c2186

    • SHA512

      bd9a22b21a4670c4a954d85d7f1800ae90cfeeb328b4531517cba449606801ad82ea9c043dbc6dde3d293453440934a0ba45d4bc61a9dfa94ea29a44ca7ba0cc

    • SSDEEP

      1536:Sh4sBzFl0lc0wyNSA3F7++++++++BCJ4:ZsBzFl0m0RNS+

    Score
    1/10
    • Target

      26X/15.exe

    • Size

      5.0MB

    • MD5

      397ff13303716a64e9716984864ba0b9

    • SHA1

      a26ec5c9b420967517b4f8ea0f8e51aa96946007

    • SHA256

      a970e59b6f346ac603500649065511b98866f2a4ab5eb94975dfe371e624deca

    • SHA512

      5cc2ff46227a93f2d0183500574fce393fe6049af2336b5b6f3ef39d98988743e69dbe1ed495b407ca2c4511d4e192d15b6cc113021bd8eaf4a57dc496110cf3

    • SSDEEP

      49152:odLqSB72g3gLjwrb/TyvO90d7HjmAFd4A64nsfJw6eXIbPJJQD14tjWjzJy0/HD/:+3gLWIz9DnbjzF31ZEDcJ2LK80jQus3

    Score
    3/10
    • Target

      26X/16.exe

    • Size

      3.5MB

    • MD5

      7e6ca4cd2a33e10b0a5c02c975191641

    • SHA1

      6232821e020ff7a8197c4f7ead5a81609b357f73

    • SHA256

      6b1229ef851d46b831ed7716939899dc8cf265a205e1ac2beff0aa0d26a0741b

    • SHA512

      71575b4f7913b0937b5e92e346b127f37c47179f167de4ad6b1304a70ed4a1a079dc3909e9c04e936653bfbe4b36857e6c5b96a4787882fc77c8fd69974d808e

    • SSDEEP

      98304:A/dKRc6tFxICglQKAbbm3mXiSXw11ZcWWq55jiiw:YYRc6tFxICglQKAbbm3mXiiw1dRw

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • UAC bypass

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      26X/18.exe

    • Size

      1.9MB

    • MD5

      4eacf1603e926c78487ff7e0d234813f

    • SHA1

      f95c5fdce358792e70d0305653793860d196040c

    • SHA256

      c8a813d13d40a7713f60fb754905372984deb4098e4e6c59dacfe7fe4187796d

    • SHA512

      10e9af320fbbbbab8f0f88ca95698e82028fffcc96cf374ae65d148a8684f57f3e4f3e1924c00beb155e4f6cd0b636acebd18d37d8977cd82963c10149f29a4e

    • SSDEEP

      24576:ijnxm9O+cqWj/ooZH2JbrreFnD3qC+q4TbnDcHFvIXaleyPR:0nDL

    Score
    4/10
    • Target

      26X/2.exe

    • Size

      123KB

    • MD5

      c70c41dbedbc349c1818fd5d7197b699

    • SHA1

      29d434ae1d9e076239c83941aeba4ecb05bcf497

    • SHA256

      6c7a020cd7c0dee023f7b1f2eebc9c33190937f06eb25fe4d75e9ac05afb5e86

    • SHA512

      6364edebca9b5fcea34c92546a772471c22fc12f1a45d8a3bf65c3ad22751a9164f6a9500afdfbcfbd7053a0e8ee08695e3e98d6dbb065ef270ce878c9367c65

    • SSDEEP

      3072:uvbHPV/5zoZCsHhBuAAR9WlJafpYOPx9pf0:u7PToZCAhAAAR7zt

    Score
    1/10
    • Target

      26X/20.exe

    • Size

      36KB

    • MD5

      8d687497ed09646da9dcfd9b552d42f9

    • SHA1

      a941e2103d6c0f3ab749ad7f73d3e071cc5f03bb

    • SHA256

      9bc13693d4fcb7d1f04e5f1efaa48dfcb4b21082414ed97cf19010b923edb700

    • SHA512

      139b2a2b3a19c1f436a6e8c212d5e2c3c8065e90c6019b9df550b49e0b1e841c6cc7282a17721ab5592d9c5a9a7f8e68b04ab015d74ceb51e951b09237d2ecf6

    • SSDEEP

      384:eXXK6XbQs/HPnOIEYMZhjL48aWdNRWtHTvRlOwRRRRRRRRRRRRRRRRRRRRRRRRRj:eV/GI87kzo2HTvD

    Score
    1/10
    • Target

      26X/21.exe

    • Size

      609KB

    • MD5

      c13b0578ad6d46613aa4b0cfe9c5cc15

    • SHA1

      f2c89fd56d03fa53c866920619d3194ccacc5933

    • SHA256

      db54aecb2b9cec2d474e3fb538e40fcba9876355cc223f5995ab06df3aa63bd0

    • SHA512

      a4535deee6408f4548c60f59033f6a74da3b754d5b2c8b5761bcaf2871cdff88137b8523665594795e7889d1ca4d117bd001fff006d394e69d83acbc73e71283

    • SSDEEP

      12288:d8zuLrP7YgTZQW8pPUB9yPgni4kzLpzCz61GsLthziXgy:KwYYspKx1kP1CO1Gaz8gy

    Score
    3/10
    • Target

      26X/22.exe

    • Size

      477KB

    • MD5

      224e7ce310acc0e47120cece1cfac527

    • SHA1

      24881dc39b49bd3b965281bcfbd7bff6853d726d

    • SHA256

      e67a68056eb4299602cdeb9e52be77b6862d0f7a7ad21a651d520189963caab6

    • SHA512

      5ab0cb6ddd7d7e93ed70f710a972e4c543b7791077c435e7e3447477227713cab6be777ac10eb966bcb4d5a7bf3020e09938f3f44d28fccdae8878d80283e180

    • SSDEEP

      6144:nT8HZfobj7OD4eZd6rn7u9SDta2AMtUIIbli1BBqcrnh1hVpXBzprWdqmNHQLDZK:4qqPXq7ASw2AM5b2crvpxs8mHQr

    • Target

      26X/24.exe

    • Size

      9.7MB

    • MD5

      3c8ebda077b8f7f6bee0941ebd48af54

    • SHA1

      fe2d8b98f4e5e22a96270b92cb4a838abf46454d

    • SHA256

      1bd66ff2698a8297174d0c4e24ea7b57f4ccf9ed99d943dc1093adebad0f98c2

    • SHA512

      b6731e5ff660be49b2c7814ecb7d50e4bdc4698c9a91e31b012451b97cb6203f68633dff98a37b4985be0aba001117ef1c5bf609805501a9fd1d0f1c3ddb9d5d

    • SSDEEP

      196608:N+fHrDVhPDpFC4g0AVIGv38ZJ9BIBxIFrukhuIMnZl2mLJs/bENQLIJro:2nVdLgtIGiYXIBuD9LJs/bEdJro

    • Target

      26X/4.exe

    • Size

      131KB

    • MD5

      449622db03f849a5a5f4dafd2d1cbd98

    • SHA1

      945ef0e5283e29e82892dc90f9e109085ade9504

    • SHA256

      baee8be767db634c6d2d4de7de4739dce5b948dcd4dbfc5bd73dd3c9bf335467

    • SHA512

      f708aaef5753eaa8aa1a6fef05486f243b6f1876ec81022c783dffe28224ad29ef28e04aa5f5883e6ff9b40f43c82f648633277437ccc4ac45c6497ec9e116c5

    • SSDEEP

      3072:Ixb3FKsw8iGPQg3IIdE1ON5gOam7TYr22k:2FKsriGH3IIdEoIOxkr

    • Target

      26X/5.exe

    • Size

      9.6MB

    • MD5

      b77186461c2dd643c40fe7541066ef6e

    • SHA1

      cd109a25ef0848ef303dac5721bc887bbb350f4e

    • SHA256

      8d9a887f11c4602dc457486524978b2502dbfdb6952821900c3c23eaf3041bd2

    • SHA512

      b5c09946503eb563b96626271fb3cd32a66c4f0020d213c82e293ee0395347a4b43e3b78a19dbfee892769642ba4a980c43a160385465f68dd31b7d846db7278

    • SSDEEP

      196608:lMvRVhRaxzed71ibP5ICsXDjDyf0dJolpPgToa10/uvFOnJ/Q1J5U:GvRV2xzKcPiCEDHJ83a10ssU5

    Score
    7/10
    • Loads dropped DLL

    • Target

      26X/6.exe

    • Size

      41KB

    • MD5

      2664b88dafd4faf51b61d190cb574162

    • SHA1

      aa3c6a74403f5bc86a9a2097db110c901fc5a8de

    • SHA256

      9ff4730c53205b9446468a66c15ed6fa383af4bdfd4e8590248f614e257c570b

    • SHA512

      d3e68e2ccde8480894b63b57000b2a6e8ccd846218fbae9690de7edf27aaa6c6ac7f8cc3a8f5e7521e92a69d913d3f93d903839cb5fda8f177253b5ce4c139e0

    • SSDEEP

      768:sgtTkesXoZKSZXEPuO+t0oiPu+av90Uc2I9WY3:Ft5s4Zz+e6PuV0UczW2

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstaller
Score
3/10

behavioral1

Score
1/10

behavioral2

cobaltstrike, 391144938, backdoor, trojan
Score
10/10

behavioral3

Score
1/10

behavioral4

systembc, trojan
Score
10/10

behavioral5

Score
7/10

behavioral6

Score
7/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

gh0strat, aspackv2, evasion, persistence, rat, trojan, upx
Score
10/10

behavioral14

gh0strat, aspackv2, evasion, persistence, rat, trojan, upx
Score
10/10

behavioral15

Score
4/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

cobaltstrike, 100000, backdoor, trojan
Score
10/10

behavioral24

cobaltstrike, 100000, backdoor, trojan
Score
10/10

behavioral25

cobaltstrike, backdoor, trojan
Score
10/10

behavioral26

cobaltstrike, backdoor, trojan
Score
10/10

behavioral27

cobaltstrike, backdoor, trojan
Score
10/10

behavioral28

cobaltstrike, backdoor, trojan
Score
10/10

behavioral29

Score
7/10

behavioral30

Score
7/10

behavioral31

Score
1/10

behavioral32

Score
1/10