General
Target: dfc7edf1c78ecbd66f71ffa2b90ed14afa8163eb752650f3a411b780006a5127
Size: 1.1MB
Sample: 230914-qhp9gaeg62
MD5: 8d8fe0914ac639be97c5d75898313a36
SHA1: 207c7ccfc53dbcec01d70a412118752331fcecac
SHA256: dfc7edf1c78ecbd66f71ffa2b90ed14afa8163eb752650f3a411b780006a5127
SHA512: f02ec82c8e3cd9c5965c0ff1f1dc6f7796834ea16a76b342a6de104506c6d2d400aa99162d01194d374796bdaf666a17cdf8eee0865d6cafd742abe74e604edb
SSDEEP: 24576:+GHCm8uPdJhdZDWTBaAOXmjZ3Jn9opwfUZQr304Dh3A9g1rCPZV4E:DuWPHACGJnepwMZQrk4DskCRV/
Static task: static1
Behavioral task: behavioral1
  Sample: dfc7edf1c78ecbd66f71ffa2b90ed14afa8163eb752650f3a411b780006a5127.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: dfc7edf1c78ecbd66f71ffa2b90ed14afa8163eb752650f3a411b780006a5127.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted: cobaltstrike
  100000
  http://206.237.17.176:8443/pixel.gif
  access_type: 512
  beacon_type: 2048
  host: 206.237.17.176,/pixel.gif
  http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_method1: GET
  http_method2: POST
  polling_time: 60000
  port_number: 8443
  sc_process32: %windir%\syswow64\rundll32.exe
  sc_process64: %windir%\sysnative\rundll32.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjuYvf60BtyAlDz4ZCanpB8v1IvFxQcW0TQKIZjXTFbkjUyweLLei6qqrEnPa5Zigs2v9ivFyBLwSLlcZeg2LLxUz67Ka+ee/AVGG0bSX3Kye/QF6mz7qIXer/C0A9AJjUQdYKU62tbjZXdbQuTnUZ/kC0NB6CCi7Q8fhDbpsrwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 4096
  unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /submit.php
  user_agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
  watermark: 100000
Extracted: cobaltstrike
  0
  watermark: 0
Targets
Target: dfc7edf1c78ecbd66f71ffa2b90ed14afa8163eb752650f3a411b780006a5127
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL