General
-
Target
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3
-
Size
259KB
-
Sample
230926-pprkfaae62
-
MD5
47f7c8cfd89ce6ff589d78c53af2fd11
-
SHA1
306ffefac0b051ad60e483966ecc6574708d02f6
-
SHA256
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3
-
SHA512
50787ab13d7d9a88941b5475b98ed1b2ae49b597392f4885dd3e92b7d005d0ef294e118bb426dc1749c3932e237858c22f7630972d85c7e95ac670e0c5ebb195
-
SSDEEP
6144:uJqXG5d1Ip8yibgkTZI6jHID90aUBX5H/:u9d6devoxkBXV
Behavioral task
behavioral1
Sample
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://175.178.242.75:50001/cm
-
access_type
512
-
host
175.178.242.75,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
50001
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLQ5AMcNSVooiCrsRM95zzE9ob77EWd2GQsFi6SkDOuIDRwlDswPoroaI1LpZy5mC4sox5POOBTA+NUWHfRPbHZr7r54+fNAOJfKZnlIVvUec5ZQ25sxBeOT3x3AVkBZRdArMuZV7IZsESIp1Ew83OahtS6shY7uXcmRxz7PUFqwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
-
watermark
100000
Targets
-
-
Target
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3
-
Size
259KB
-
MD5
47f7c8cfd89ce6ff589d78c53af2fd11
-
SHA1
306ffefac0b051ad60e483966ecc6574708d02f6
-
SHA256
1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3
-
SHA512
50787ab13d7d9a88941b5475b98ed1b2ae49b597392f4885dd3e92b7d005d0ef294e118bb426dc1749c3932e237858c22f7630972d85c7e95ac670e0c5ebb195
-
SSDEEP
6144:uJqXG5d1Ip8yibgkTZI6jHID90aUBX5H/:u9d6devoxkBXV
Score
1/10