General
-
Target
voreo3q0.rar
-
Size
72KB
-
Sample
230909-fgfcrshd55
-
MD5
4a7eaa36cd73d4a8a9730d1b596bd91c
-
SHA1
ae262e29a3f460f824a2efc4fa5cb2fc6b76ebf4
-
SHA256
b0396539650785973229406221a7ed305a9083a82b245c887ffdab721f889ac8
-
SHA512
f0c8e626303c4bd46ded34cebbb1ea722e007044faf8fd6b11065bcb053b4a693034dc9d65379a981881db5e6088dd39b21f993c5596aeaccdaa8e00203443dd
-
SSDEEP
1536:9b4qsB2jo+pp4v8of4rKtOToH3P80JMyXDG2P0c73EgFH:V7o0pEgreFXUkzG28U3Egx
Static task
static1
Behavioral task
behavioral1
Sample
专项查杀工具-信息中心20230831.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
专项查杀工具-信息中心20230831.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
http://47.96.174.24:88/VmWC
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)
Extracted
cobaltstrike
100000
http://47.96.174.24:88/dot.gif
-
access_type
512
-
host
47.96.174.24,/dot.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
88
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW2YBojWiu4JqVZa2JVdlnT/bI4tNoctW0OdnrpURu/OsCmCO+Gm50Wo6DNIWo6M6Xm7v/mZKlCe0ux9l1J3N6upyLQUsMfxMdtfXtpqrO4x2a/79CpLCD0Km4wC2aDW1rkVfQhejl4wET2kwKYDfYuZ9RSIJ3odyn+Qro7WTBAQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
专项查杀工具-信息中心20230831.exe
-
Size
149KB
-
MD5
b0a79041ffa540e33b9829633279d9fa
-
SHA1
f6fce0911806d282d51eb9c9de40c655ba8d8df3
-
SHA256
f370c6ebe338fc1d18f2acfade02cc037e64ef32756dbdf34d864df1f041fd48
-
SHA512
f3c6cab0d9fead95bc2fa76ee796176fa62e391b7278bb98ba29c35ca289391192c97f5c1abee0e0b9b88ff130db7ee1678d807cb73bd61731bdd0e7c35eff0a
-
SSDEEP
3072:Xa54/QqEmO7dDVpau8KYastPhu8CG/aHmaka:XKs3nORRpaxRul
Score 10/10