General
-
Target
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb
-
Size
15KB
-
Sample
230916-mvj2facg46
-
MD5
426edbacff026148f3823c2c0c4ee271
-
SHA1
f128d2bec6800d9a69e10153107a3c6d8c53b07a
-
SHA256
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb
-
SHA512
95165b6a999ffc2f1b80ae88340e9ff4d33c4c39ca459f52a0cb9502143eef6a76e776a1999b79cd34d0ab6e64985c0f0e05c2c90cf2d1295d30d9fb9945e564
-
SSDEEP
192:+Mx4B6IX5rCFMYg+wKUAvTepRC7kbTLehhqeQkVLDPTRZ/4sFxCoAfu0assgAV2R:F4JXxRewmTFg/LrBkJDf/4s5A/3B
Static task
static1
Behavioral task
behavioral1
Sample
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
http://82.157.166.165:8080/jRJW
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
Extracted
cobaltstrike
100000
http://82.157.166.165:8080/__utm.gif
-
access_type
512
-
host
82.157.166.165,/__utm.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqK29SxufJqdgpupLic5F+YVNIDxLCa4q3t7geTlQXFibuvwBkEpAp43SIz6aKvs4e0rZx+boI0qz4e+UNcN1Jypz+96TsxgYs/6y5EY6jkpDgAGpU7bR9ng3m18OTBcLUPlVIhyAjWtmLFNNBA79nHPHI7fzyJS8MFTVMEKocKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb
-
Size
15KB
-
MD5
426edbacff026148f3823c2c0c4ee271
-
SHA1
f128d2bec6800d9a69e10153107a3c6d8c53b07a
-
SHA256
c505233d5b8175299273325a1846784b86ce2ade882b3cf527f020b95ef6eebb
-
SHA512
95165b6a999ffc2f1b80ae88340e9ff4d33c4c39ca459f52a0cb9502143eef6a76e776a1999b79cd34d0ab6e64985c0f0e05c2c90cf2d1295d30d9fb9945e564
-
SSDEEP
192:+Mx4B6IX5rCFMYg+wKUAvTepRC7kbTLehhqeQkVLDPTRZ/4sFxCoAfu0assgAV2R:F4JXxRewmTFg/LrBkJDf/4s5A/3B
Score 10/10