General
-
Target
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409
-
Size
1.8MB
-
Sample
231013-dgqgmabg3v
-
MD5
41b00fa23fb3b79db9203028ea9d03d4
-
SHA1
2bf0aedc99774acdff729b757ec057480cc004d3
-
SHA256
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409
-
SHA512
b4cacc9b3bef3a40335263ef24b49026f8b68e83fd685f6c5e397d2ee6846ea437fdca8888ef1677464d3c6026cd53c5fe1ddd0e1e4f36d4b565779c1881202d
-
SSDEEP
24576:LcGviP2CcmpREm3Tpj7juvMuY179aA82wlvCxVaIr7Fq5sMxn8ZiF35M8KD1vPl:L0rgDSw+sxPA8KD11
Static task
static1
Behavioral task
behavioral1
Sample
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://cache.jquerysource.co:443/jquery-3.3.0.min.js
-
access_type
512
-
beacon_type
2048
-
host
cache.jquerysource.co,/jquery-3.3.0.min.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmQEPSLVuoOihACFPRnPSA3ftXYZ5SROYUUuItwE4kyXr+Bf8AXVqBnXaGIG9WpHAq9W+MzS6EhuMVG3U2Od8d77hCK6QAEFRCBiVHE5/jyjCR0FbJyrmVm1Uzbfqae2vVQ+HwGRFQhdwFvj7upXuaEZmO+D0S5U7Rfo3p7eNozQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.16770176e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFMAAAACAAAPWwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.1.min.js
-
user_agent
Mozilla/5.0 (Windows NT) AppleWebKit/537.36 (KHTML, like Gecko, Efficiently) Safari/537.36
-
watermark
100000
Targets
-
-
Target
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409
-
Size
1.8MB
-
MD5
41b00fa23fb3b79db9203028ea9d03d4
-
SHA1
2bf0aedc99774acdff729b757ec057480cc004d3
-
SHA256
fc815124dc2b846eb3215b2f91816f5d1c6f9a91ad34fda37dfee97b20f8f409
-
SHA512
b4cacc9b3bef3a40335263ef24b49026f8b68e83fd685f6c5e397d2ee6846ea437fdca8888ef1677464d3c6026cd53c5fe1ddd0e1e4f36d4b565779c1881202d
-
SSDEEP
24576:LcGviP2CcmpREm3Tpj7juvMuY179aA82wlvCxVaIr7Fq5sMxn8ZiF35M8KD1vPl:L0rgDSw+sxPA8KD11
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-