General
-
Target
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
-
Size
4.5MB
-
Sample
230907-c8x54sdh9w
-
MD5
22dae34bbb5f71141542cb92c9abbd6f
-
SHA1
798d36d8f5f357fb8f2dc1d52a367f13d8721fcd
-
SHA256
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
-
SHA512
57be7b21852f7c47cab82c0eb27f3eb07d3dbe9b9790598c4b8baecbaf4767fdeac5e7ac1bb41eb4b328ad870d5c170d5844998345ed9cfa11814ea6ddad2ccd
-
SSDEEP
49152:aAPuOT+3x3Dwarb/T2vO90d7HjmAFd4A64nsfJcIrJ6d0lZETpvoCFEFKwKl81RP:Y3DrmCZ/G8pE9J
Static task
static1
Behavioral task
behavioral1
Sample
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
http://139.180.159.96:443a0zKz1YQVFvYxEWe1YxM
-
user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Extracted
cobaltstrike
100000
http://139.180.159.96:443/c/qqdownload/update/others/2021/12/29136388_
-
access_type
512
-
beacon_type (caveat: this value, access_type and jitter are all exact multiples of 256 — 0x0800, 0x0200, 0x1400 — which is consistent with 2-byte big-endian config fields having been decoded little-endian, i.e. 8 = HTTPS, 2, and 20% jitter respectively; if so, the `http://` scheme shown in the extracted URLs is also suspect. Confirm with a second config parser before relying on these fields.)
2048
-
host
139.180.159.96,/c/qqdownload/update/others/2021/12/29136388_
-
http_header1
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
-
http_header2 (paired with http_method2 = POST). Decoded from the base64 below (4-byte type / 4-byte length / value records): constant headers `Accept: */*`, `Host: download.tencent.com`, `Accept-Encoding: gzip, deflate`, `Accept-Language: zh-CN,zh;q=0.9`; one generated value wrapped as `__root_domain_v=.tencent.com; pgv_pvi=5874258429; sensorsdata=<value>; _qddaz=QD.587456871516571;` and sent in the `Cookie` header; a second value base64url-encoded with `.cab` appended and attached to the request URI. Note the Host header names download.tencent.com while the connection goes to 139.180.159.96 (see host/port_number): proxy logs or allowlists keyed on the Host header will attribute this traffic to Tencent's CDN, so match on the destination IP and the `/c/qqdownload/update/others/2021/12/` URI prefix instead.
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAaSG9zdDogZG93bmxvYWQudGVuY2VudC5jb20AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOQAAAAcAAAAAAAAAAgAAAAxzZW5zb3JzZGF0YT0AAAACAAAAFHBndl9wdmk9NTg3NDI1ODQyOTsgAAAAAgAAAB5fX3Jvb3RfZG9tYWluX3Y9LnRlbmNlbnQuY29tOyAAAAABAAAAHDsgX3FkZGF6PVFELjU4NzQ1Njg3MTUxNjU3MTsAAAAGAAAABkNvb2tpZQAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
60000
-
port_number
443
-
sc_process32 (the process the beacon spawns for post-exploitation jobs; rundll32.exe is the Cobalt Strike default — short-lived rundll32.exe children with no command-line arguments are the usual detection hook)
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLhfaxIi1ZSpnzZa/titxJFMRsRZiBhD6nFxcw6m23B6ltHakrFKpQGKjz5h1m+F3lDS11amNbgcOepiUhWLg3umvOKmZyh8GZXX9QSgbBu706qJvOVHmnlaZVzxr/gU6UAsSG0qbmbUp05ukARDufQnockKQYOwesWiYbIZeTsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.976536064e+09
-
unknown2
AAAABAAAAAEAAANEAAAAAgAAAqkAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/c/qqdownload/update/others/2021/12/3215234_
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
-
watermark
100000
Targets
-
-
Target
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
-
Size
4.5MB
-
MD5
22dae34bbb5f71141542cb92c9abbd6f
-
SHA1
798d36d8f5f357fb8f2dc1d52a367f13d8721fcd
-
SHA256
ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
-
SHA512
57be7b21852f7c47cab82c0eb27f3eb07d3dbe9b9790598c4b8baecbaf4767fdeac5e7ac1bb41eb4b328ad870d5c170d5844998345ed9cfa11814ea6ddad2ccd
-
SSDEEP
49152:aAPuOT+3x3Dwarb/T2vO90d7HjmAFd4A64nsfJcIrJ6d0lZETpvoCFEFKwKl81RP:Y3DrmCZ/G8pE9J
Score: 10/10