General
-
Target
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2
-
Size
103KB
-
Sample
230904-v66zcahf5z
-
MD5
a751b63ac0c3a833134d22b0dd511978
-
SHA1
4d5010e1e7958f32867e2419a3237186b217b4ab
-
SHA256
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2
-
SHA512
1638954109a5d242b0d1d413d9596b66f23acc29a46194746837c3ab1433710353dd3773c208bb46f5a49bb0d97e4866f4d62c6cbbbbb5e9c5d38c2e0b26ef5e
-
SSDEEP
3072:gd8Hux5+6W1Y8hrEitoNFNUVaPvOSXDv/7/YT:e3+l1YWrjKLQT
Static task
static1
Behavioral task
behavioral1
Sample
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
http://43.153.222.28:4646/qPc9
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)
Extracted
cobaltstrike
100000
http://43.153.222.28:4646/cm
-
access_type
512
-
host
43.153.222.28,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
4646
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPwjCZRkIjRN92nugrS5l0384q/BWQnN0JKM8QSNJru7gg5JibPdKhwgWse4/vRHpd9eu0wpSN1kxhMXC0GOhRg/TRyv5q41zzWurCIOHq13S55c+J/27HYD/DBLtL+5BWbXx9lhM38OGBxcVec4FxCLotANPMB+vOv/rVa32tYQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)
-
watermark
100000 (note: this watermark value is widely reported on leaked/cracked Cobalt Strike builds, so it should not be used on its own for operator attribution — treat it as a weak signal and verify against other indicators)
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2
-
Size
103KB
-
MD5
a751b63ac0c3a833134d22b0dd511978
-
SHA1
4d5010e1e7958f32867e2419a3237186b217b4ab
-
SHA256
61654cd9e869d9e105318c687296ee1d0f021914e9b2de14b053f8711f0728e2
-
SHA512
1638954109a5d242b0d1d413d9596b66f23acc29a46194746837c3ab1433710353dd3773c208bb46f5a49bb0d97e4866f4d62c6cbbbbb5e9c5d38c2e0b26ef5e
-
SSDEEP
3072:gd8Hux5+6W1Y8hrEitoNFNUVaPvOSXDv/7/YT:e3+l1YWrjKLQT
Score: 10/10