General
-
Target
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c
-
Size
259KB
-
Sample
230829-fn1maaab97
-
MD5
23c72a5193f84a6ac14791e471e5d6fd
-
SHA1
441e776c71c874d7933e6c191205d5daf97fd5fd
-
SHA256
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c
-
SHA512
5c0004870a2ea2694bb2866d80a81621b43cf635a223d7e2abd35580de7aaebfa525199b4e4a1e1951bf07d8c371695a7d152b19882430c8ae3545b961cc8354
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aKBX1H/:u3d6tevox6BXZ
Behavioral task
behavioral1
Sample
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c.dll
Resource
win10v2004-20230703-en
Malware Config
Extracted
cobaltstrike
100000
http://172.21.187.108:80/IE9CompatViewList.xml
-
access_type
512
-
host
172.21.187.108,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWB3zi1JW+b/ANyrpLE8QhxYCmtDgXIW+Hqv7/5KkmylCPIzsoDUPNF4Gbekk0VyG11qW15+j95pSY2MgJLo0MNAf74bsKuf9f8ir/n2W/BNKh9kcYdS0V6nM38U813xXQ0L2E1uK8pQh7k0k4UsZv9gndvdSSe+9s0Qgs9MLv8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)
-
watermark
100000
Targets
-
-
Target
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c
-
Size
259KB
-
MD5
23c72a5193f84a6ac14791e471e5d6fd
-
SHA1
441e776c71c874d7933e6c191205d5daf97fd5fd
-
SHA256
7ab661b971e6fbb1b6cd8b342d64a012fb6df3b37fc6a5fafabe22fb14e8656c
-
SHA512
5c0004870a2ea2694bb2866d80a81621b43cf635a223d7e2abd35580de7aaebfa525199b4e4a1e1951bf07d8c371695a7d152b19882430c8ae3545b961cc8354
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aKBX1H/:u3d6tevox6BXZ
Score 3/10