General
-
Target
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed
-
Size
208KB
-
Sample
230924-cw29asdf66
-
MD5
9f79ee0aa51cb50eb2d84d745fe50fef
-
SHA1
d35ddef80b9d43609cd560475e05eb233fbd4c4f
-
SHA256
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed
-
SHA512
0a9d66d766050f5fcfa46d63f8775c04572fb5802e8255a25ee205dbaade26e7d9a483c4f4b262a5f56a760592159eca80fcc8a2d2c86e4ccac90b387ecac50f
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU8Y5Y:LIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://172.19.31.15:80/match
-
access_type
512
-
host
172.19.31.15,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCinJU55hyTE9676kPyA+fLPvEjAb3QRdkyptacTS2NIioQqZSTKxQrN6TaBvg7BDUdnfbT3iEzi08STsO9KX2NqL1LWvJ3tzdIdQlmxb86hK3xP/v9xzYpa9mQK8SNUTgVZnz8NNAKilV25RAbRZ4e4SzBMCy7Jpy9uSOOlb9qyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)
-
watermark
100000
Targets
-
-
Target
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed
-
Size
208KB
-
MD5
9f79ee0aa51cb50eb2d84d745fe50fef
-
SHA1
d35ddef80b9d43609cd560475e05eb233fbd4c4f
-
SHA256
a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed
-
SHA512
0a9d66d766050f5fcfa46d63f8775c04572fb5802e8255a25ee205dbaade26e7d9a483c4f4b262a5f56a760592159eca80fcc8a2d2c86e4ccac90b387ecac50f
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU8Y5Y:LIDff9D8C6XYRw6MT2DEj
Score 3/10