General
-
Target
c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4
-
Size
1.7MB
-
Sample
230828-sv18lsfc2w
-
MD5
7669fc10c0933e4d83317787f80af71d
-
SHA1
04961cda745d1078c71242ae7fcbc66b90c9f260
-
SHA256
c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4
-
SHA512
bad0de792537b27e6b6c752e38334e5844bc743778dab8c224dd19858e54c5d0f638bd01f4248d69f4600b94da328d889e474866659f925fa8b0cce4a7c4ced4
-
SSDEEP
49152:AgVSr/4oJB3wd8rb/TLvO90d7HjmAFd4A64nsfJpfC08SgYMxoafb1:KrD3wd
Malware Config
Extracted
cobaltstrike
http://13.51.150.99:10011/ioAD
-
user_agent
User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Extracted
cobaltstrike
100000
http://13.51.150.99:10011/search/
-
access_type
512
-
host
13.51.150.99,/search/
-
http_header1
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAAAAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAkAAAAJZm9ybT1RQlJFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAABAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAcAAAAAAAAADQAAAAUAAAAEZm9ybQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
60000
-
port_number
10011
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.82554112e+09
-
unknown2
AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/Search/
-
user_agent
Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
100000
Targets
-
-
Target
c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4
-
Size
1.7MB
-
MD5
7669fc10c0933e4d83317787f80af71d
-
SHA1
04961cda745d1078c71242ae7fcbc66b90c9f260
-
SHA256
c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4
-
SHA512
bad0de792537b27e6b6c752e38334e5844bc743778dab8c224dd19858e54c5d0f638bd01f4248d69f4600b94da328d889e474866659f925fa8b0cce4a7c4ced4
-
SSDEEP
49152:AgVSr/4oJB3wd8rb/TLvO90d7HjmAFd4A64nsfJpfC08SgYMxoafb1:KrD3wd
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-