General
-
Target
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2
-
Size
259KB
-
Sample
231012-r3zt3sge86
-
MD5
06f43ea2ba14f6fa2349b3216fe70621
-
SHA1
44cceb2a4162947463d6d3b82bc75c463fcc0889
-
SHA256
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2
-
SHA512
19cc1a1885ef33661060e6831fb349c6aaa78fe76958462e9234bf679aa3e9097ba6e2f161b43114ae8690d6d695ce1701e7591ab526f620c82c154f5959ec02
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aVBXYH/:u3d6tevoxlBXe
Behavioral task
behavioral1
Sample
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
666666
http://58.53.128.27:6001/en_US/all.js
-
access_type
512
-
host
58.53.128.27,/en_US/all.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
6001
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkQIo+ogx584Q7zS2a2ql6iW5y9goZPEcGMw+WDKFd/wixKJ4xDnriiIpDPVlzbfMUmRjKdeUv53oqLJjdkTtZa0e5SxlRThfWSwZsCLAfLEZBnIxa9cPU4iPZnU692BVMf0wfULkjav8hzVWaKx+VOk8Pq4v68cMZLzJNPFM9gwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)
-
watermark
666666
Targets
-
-
Target
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2
-
Size
259KB
-
MD5
06f43ea2ba14f6fa2349b3216fe70621
-
SHA1
44cceb2a4162947463d6d3b82bc75c463fcc0889
-
SHA256
4beed249504860377e0d97b209ce745d806a22e2cc50e631bb69eadd203c45b2
-
SHA512
19cc1a1885ef33661060e6831fb349c6aaa78fe76958462e9234bf679aa3e9097ba6e2f161b43114ae8690d6d695ce1701e7591ab526f620c82c154f5959ec02
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aVBXYH/:u3d6tevoxlBXe
Score: 1/10