General
-
Target
dcc1f7ed8d561dcc32079a527f0e920b332a749e831118b32e0fcbce5fc9dc61
-
Size
508KB
-
Sample
230908-mrst6sag98
-
MD5
a864f9c58723791971b9fe82e48391da
-
SHA1
af1c919f0423387aab99cb0300670360c3ca871f
-
SHA256
dcc1f7ed8d561dcc32079a527f0e920b332a749e831118b32e0fcbce5fc9dc61
-
SHA512
8753b7572aa2606dcdd5926446af815a98f74d868b8afa3b8b0893841d6c9be9369d5cdd666a17d9a316cbf4ebe4893febc72cf9e7b309f06e74a0dad9de8964
-
SSDEEP
12288:8MnV9fsiCnoil/HjeSWa2urfrxxYVNP9Fun67MeFzlGyFSPvZr9rK:8MnHUi4oilvjeSWa2urfrxxYVNP9FunC
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
100000
http://43.153.222.28:4646/en_US/all.js
-
access_type
512
-
host
43.153.222.28,/en_US/all.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
4646
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPwjCZRkIjRN92nugrS5l0384q/BWQnN0JKM8QSNJru7gg5JibPdKhwgWse4/vRHpd9eu0wpSN1kxhMXC0GOhRg/TRyv5q41zzWurCIOHq13S55c+J/27HYD/DBLtL+5BWbXx9lhM38OGBxcVec4FxCLotANPMB+vOv/rVa32tYQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)
-
watermark
100000
Targets
-
-
Target
dcc1f7ed8d561dcc32079a527f0e920b332a749e831118b32e0fcbce5fc9dc61
-
Size
508KB
-
MD5
a864f9c58723791971b9fe82e48391da
-
SHA1
af1c919f0423387aab99cb0300670360c3ca871f
-
SHA256
dcc1f7ed8d561dcc32079a527f0e920b332a749e831118b32e0fcbce5fc9dc61
-
SHA512
8753b7572aa2606dcdd5926446af815a98f74d868b8afa3b8b0893841d6c9be9369d5cdd666a17d9a316cbf4ebe4893febc72cf9e7b309f06e74a0dad9de8964
-
SSDEEP
12288:8MnV9fsiCnoil/HjeSWa2urfrxxYVNP9Fun67MeFzlGyFSPvZr9rK:8MnHUi4oilvjeSWa2urfrxxYVNP9FunC
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-