General
-
Target
lilyline.7z
-
Size
2.1MB
-
Sample
230908-nwdrgsbc93
-
MD5
17e00d23f6a5c925cee0ad48a1c1ffb3
-
SHA1
b5cde6b904373ade9d4645cd8196f1ce4d8348af
-
SHA256
f7556b4f9da6ccda2a040e49a565bd079b3d7b60741e0825aea10bc5057cb425
-
SHA512
12eed913248e3d45a40dea8820820aecadacd4fc9683bd979776750f5e0e6d1fc72551aa5e358a822bb8b813a6691b73cf4664030bcdaaab0c51c93179225b02
-
SSDEEP
49152:5h8PLPIKRt08A5zVXgnNQKxiN6/waP7fFqZT5l4jV90Eoiwwiw0:5h8P7lDpARqQK3/xbEZT5l4j7RovwY
Static task
static1
Behavioral task
behavioral1
Sample
Shelm/pad.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Shelm/pad.exe
Resource
win10v2004-20230831-en
Behavioral task
behavioral3
Sample
proxys.exe
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
proxys.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
100000
http://home.firefoxchina.cn:80/audiencemanager.js
-
access_type
512
-
host
home.firefoxchina.cn,/audiencemanager.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
30000
-
port_number
80
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjEd1ZZy3zJB1ANINO0XVDAXe3oi+OWyftkzo9D4JdY27p0ox7K+n/zZ4fDt2w0xOZvJhiG67zWEpYQGOlEyZ6j+2I1GDmfiUR+jzJOVCXBvUAbCgPuuY59hzxUNk1QNfSJo30f2b4E8k8ls+H+Rc7nviDkQv2ldXvG0CIZHhIswIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.435374848e+09
-
unknown2
AAAABAAAAAEAAAf+AAAAAgAAIUwAAAACAAAPtQAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/audiencemanager-v2.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
-
watermark
100000
Targets
-
-
Target
Shelm/pad.exe
-
Size
6.6MB
-
MD5
512f4350aee7eb50adf509008a3ad3ce
-
SHA1
b9eb9c56289e835739447925a0c085a9849a8f53
-
SHA256
64f7a36c01e79cd4b041e8a8607dff06d5b606d36e3dff9cfb5fffa22d14d34c
-
SHA512
9f8fc1871545abb446e76990c02ea648f3a588e1245f9140e86199a834b49d7410907925d471a4cb255f01176dc56d9099920db8f645938c32c66810cc14f649
-
SSDEEP
49152:hfvxdjdBT6fQ88jYf89GdJufo0HNoWzSMWPQYH09RU39h6b/tQxFezMZoRZXtSHj:bb4zEsqaMWEr8gQLACJir2wFXk/mol
Score: 10/10
-
-
Target
proxys.exe
-
Size
524KB
-
MD5
ae7bff13f258bb560515b8bc14a74886
-
SHA1
19510d23a27aeeb06808b5904151e1b246091ed9
-
SHA256
24642ecd754edd6cac230971f6920083e2e7d2e46f69b89115addace10927d0a
-
SHA512
0751e6ce6e9a1deeccad2ffe9e3b1aa2ffc91f219c2e46850e2d2bd472a2eab289b16bfc6140717482cb60f5a04119a97ae53941b89a87187aea894a08d765a9
-
SSDEEP
12288:JXL3sjP2pGFZvsJWKRW1RyY17IF3DgkExI/y8xtwURd:JXLoP2mZ0cKzBDQIXxX
Score: 1/10