General
-
Target
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076
-
Size
259KB
-
Sample
231006-2vfrcaae97
-
MD5
468a30b0ce4341cdf189b0b62a36182a
-
SHA1
4b9ef7d6d7293c1005dab86ca18d0881047cee93
-
SHA256
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076
-
SHA512
dfefcfdf1aed06041b10da492b4396bb6af78730518af0738155d33175dbc7ef85d09d7f4ecd4fd45935124ca38bb0dc8fbd0ceeb8115d46794465a86b2e96fe
-
SSDEEP
6144:fJqVG5d1IpjyibgkTZI6jHID90ahdBXWH/:f3d6QevoxjBXQ
Behavioral task
behavioral1
Sample
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike (Cobalt Strike beacon; the fields below are the statically extracted beacon configuration)
100000 (beacon watermark; repeated in the watermark field below)
http://123.60.45.193:36892/5eN1bjq8AAUYm2zgoY3K/ll_9354efa.js
-
access_type
512
-
host
123.60.45.193,/5eN1bjq8AAUYm2zgoY3K/ll_9354efa.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
5000
-
port_number
36892
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmjzP+cg173hRtbmxkXEFfoa7FY84s29F/wIb6ueWNbF1ux9bTSYsSzulXB6xPKx3+H8qdVIgOOnPhuYTlgXWAktDgx2YsfHSgkIGPflz+JGlDkONEVov7iNFY9a76t0AT0c7Eeglk2/XYiJyNvetfdgYGdT3m3TRy+lPXNULNPQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/hiscd37ed75a9387c5b.js
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
-
watermark
100000
Targets
Target
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076
-
Size
259KB
-
MD5
468a30b0ce4341cdf189b0b62a36182a
-
SHA1
4b9ef7d6d7293c1005dab86ca18d0881047cee93
-
SHA256
fede203cd32d0a24c555e6f733e7d9f6ce288daaf05b0e6dbb501959a06f3076
-
SHA512
dfefcfdf1aed06041b10da492b4396bb6af78730518af0738155d33175dbc7ef85d09d7f4ecd4fd45935124ca38bb0dc8fbd0ceeb8115d46794465a86b2e96fe
-
SSDEEP
6144:fJqVG5d1IpjyibgkTZI6jHID90ahdBXWH/:f3d6QevoxjBXQ
Score 1/10 — note: a Cobalt Strike beacon configuration (C2 http://123.60.45.193:36892, spawnto rundll32.exe) was extracted statically from this sample, so the low score should not be read as a benign verdict; it presumably reflects that no malicious runtime behavior was observed in the two sandbox runs (e.g. the DLL may need a specific export or arguments to execute). Treat the sample as malicious and the listed host, port, URI and user-agent as blockable indicators.