General
-
Target
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e
-
Size
259KB
-
Sample
230914-3gtaysae86
-
MD5
850b311135502749b800e16f90b1fb74
-
SHA1
6948966b683f6cc4a1d97c1c5a2c7143550705d1
-
SHA256
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e
-
SHA512
82630e068fa31d363efdbe129cef894e25696a76634728c280720ce7603c65c21059387e29c5ff40904b4c01d0d1edfdf3417dbc06ef8910fea3bfa5f84234b2
-
SSDEEP
6144:fJqVG5d1IpMyibgkTZI6jHID90awrBXzH/:f3d6tevoxArBXD
Behavioral task
behavioral1
Sample
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e.dll
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
100000
http://210.209.125.194:443/www/handle/doc
-
access_type
512
-
beacon_type
2048
-
host
210.209.125.194,/www/handle/doc
-
http_header1
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAABwAAAAAAAAAPAAAACwAAAAIAAAAFdXNlcj0AAAABAAAAAiUlAAAABgAAAARVc2VyAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
1792
-
polling_time
3000
-
port_number
443
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFXOU7bUV48JlF/5Sbhqjxm/3rcnkqF4IsP6G33gPWgIUJt5FfLK937FaEqcHwb+P0tEiy0sR/IFqluC5mmY8qN5kkHdr6f8uimyc449GTaeHfbEvHkSVl2coGNhfovH4avwGdC3psvWipNbCkhJnGgcx7i9wTWVWScFlgYolq3wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/IMXo
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
-
watermark
100000
Targets
-
-
Target
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e
-
Size
259KB
-
MD5
850b311135502749b800e16f90b1fb74
-
SHA1
6948966b683f6cc4a1d97c1c5a2c7143550705d1
-
SHA256
985aeb70b91dd14a84ba45d51a041a48db6a6af5b3f5bf668bd986f1a67ad07e
-
SHA512
82630e068fa31d363efdbe129cef894e25696a76634728c280720ce7603c65c21059387e29c5ff40904b4c01d0d1edfdf3417dbc06ef8910fea3bfa5f84234b2
-
SSDEEP
6144:fJqVG5d1IpMyibgkTZI6jHID90awrBXzH/:f3d6tevoxArBXD
Score 5/10
-
Drops file in System32 directory
-