General
-
Target
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1
-
Size
208KB
-
Sample
230930-rtpmraee74
-
MD5
79ff31afc8961d340616b4c26f442416
-
SHA1
7bd528f2fb735e0cede0880f608624ed0acd8817
-
SHA256
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1
-
SHA512
bedaf51597ce5f9ec67798083a6c625cdd549632f149bb3390e31561db40bc2168b827791c03fc31d311b7af531681a5a1213fd1c5f3475830874ddc5253d471
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUhlY5k:LIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://43.154.14.120:80/push
-
access_type
512
-
host
43.154.14.120,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRGzWu6serR9hAk6oKsEaq6XJQT8QSt3tUQQ/bJxtSQm0UJ0L0UorAVqC7rN0Qw27S+qm/JxM5VhCTz36gH2cd4tPRKK+j1PZIgxqPCQX5mWx/vKeQu9MUQCN5vvnqauoDSmwDVKPCYSYV75ewTFqNWzET1o5vy7EG73fF0V2qGQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)
-
watermark
100000
Targets
-
-
Target
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1
-
Size
208KB
-
MD5
79ff31afc8961d340616b4c26f442416
-
SHA1
7bd528f2fb735e0cede0880f608624ed0acd8817
-
SHA256
014c1c4c224823e08cc0bf9af56df6051cc56c9fbe2f50b744bf8f618023f7b1
-
SHA512
bedaf51597ce5f9ec67798083a6c625cdd549632f149bb3390e31561db40bc2168b827791c03fc31d311b7af531681a5a1213fd1c5f3475830874ddc5253d471
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUhlY5k:LIDff9D8C6XYRw6MT2DEj
Score 3/10