General
-
Target
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd
-
Size
208KB
-
Sample
230912-e8v2vsdc7v
-
MD5
150f927e80f301beed5067d68f2e672f
-
SHA1
545d50d84312c1922416127de43c26723e94c3b9
-
SHA256
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd
-
SHA512
5a65f56a1a7ece146ea9a375a9e7cb4547716443071652125d9ddabc2ce62156c398711c79d5fedac179105bedc59231632271de6601e2ac3310723cb5bfa010
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUuY57:LIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd.dll
Resource
win10v2004-20230831-en
Malware Config
Extracted
Family: cobaltstrike
100000 (same value as the watermark field below)
C2 (GET): http://138.2.118.80:8080/pixel.gif
-
access_type
512
-
host
138.2.118.80,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe+qwgwJxYfwHpn1zmtigG0dgRrGwhzJh7pMHCXkkx9gVw1DaUrZF/XmSQ+IKKzmgSBprd1KNmMr/84pISBZ5UP1BtA5mst8zAVecmG31VqGNA/Z/MDtF34+6SA5LqElsdDzrv+4pVTe+T5Ps0FapzycYgSo1cnJJB1ijkSTDr3wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
-
watermark
100000
Targets
-
-
Target
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd
-
Size
208KB
-
MD5
150f927e80f301beed5067d68f2e672f
-
SHA1
545d50d84312c1922416127de43c26723e94c3b9
-
SHA256
d8cca32c2f4261b2105be941a6f193b51ecbdf2fa79ed846bc9c7dbb17efb8cd
-
SHA512
5a65f56a1a7ece146ea9a375a9e7cb4547716443071652125d9ddabc2ce62156c398711c79d5fedac179105bedc59231632271de6601e2ac3310723cb5bfa010
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUuY57:LIDff9D8C6XYRw6MT2DEj
Score: 5/10
-
Drops file in System32 directory
-