General
-
Target
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5
-
Size
7.6MB
-
Sample
230830-3hr5aabh29
-
MD5
43debafbb713c0e027d8e50090b89b59
-
SHA1
696c57d149d06d24447611bfe53bb16ab452d7a5
-
SHA256
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5
-
SHA512
eb18586223b937acf5f46c9b4bcb9f38970d60325c4f856570b25a261ebc87fa7f4b7e74c48c3a316f73c205c4f9528586f18c72e1f9c0add6ba072dcc3cdf11
-
SSDEEP
196608:CeY0sQOz7iDfyGR21X5Sp6GemDMPw0NHW2+YPnkyR:XY0sl7iDfDspfaMPOA
Behavioral task
behavioral1
Sample
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5.exe
Resource
win10v2004-20230824-en
Malware Config
Extracted
cobaltstrike
http://119.3.177.241:8888/Yhf6
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)
Extracted
cobaltstrike
100000
http://119.3.177.241:8888/activity
-
access_type
512
-
host
119.3.177.241,/activity
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8888
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYWGnCK3yIBrh+3iB1BRTsqIt+Lt6zA8e3Smr9rVXdLrowL/CDbqMAH8bc4oEo810pkFMl4CGIF3KtsM0GwrvtcaPMhYueGoSaxE+VatKRrNdhBmQQ02Av/RmRwKJgXbeOQlxJmw2CPDfOwVbThPai6bO70CaZO27GwhyubAqX7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5
-
Size
7.6MB
-
MD5
43debafbb713c0e027d8e50090b89b59
-
SHA1
696c57d149d06d24447611bfe53bb16ab452d7a5
-
SHA256
7064244922c5e1f8e345d25137c7e3f69fdf1b9987b1c4870e29f15d01096fa5
-
SHA512
eb18586223b937acf5f46c9b4bcb9f38970d60325c4f856570b25a261ebc87fa7f4b7e74c48c3a316f73c205c4f9528586f18c72e1f9c0add6ba072dcc3cdf11
-
SSDEEP
196608:CeY0sQOz7iDfyGR21X5Sp6GemDMPw0NHW2+YPnkyR:XY0sl7iDfDspfaMPOA
Score10/10-
Loads dropped DLL
-
Drops file in System32 directory
-