General
-
Target
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd
-
Size
208KB
-
Sample
231013-z8rdwsba8y
-
MD5
8a6544e11caea82f2db9a970e84ebfff
-
SHA1
a93f4d26a115de270e05c1dbdb06fb03bca5ce76
-
SHA256
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd
-
SHA512
7896d95c2db13dc22c0966ee9027cb1ac93c2d2465f3fb7de7b75035f0bd3ca2f3913a0126ea68bea6c1130bebfb5d97581165ead067cd8d1ff6c9de87f6702d
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUWY5W9:LIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://43.154.43.245:28880/j.ad
-
access_type
512
-
host
43.154.43.245,/j.ad
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
28880
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYta+qd3xhU5C25re9hXApuzui8RuKTgoKaxLAzGwliVeAe3JeAFh3CbhmgLXuZcqolaMZBBT6W5DiYy4UVJ4WkjXNf3rQD7+af3/kmcgnKXch6yDxa4fUfLv2PmNB47mn58IiaDoI+6XYOkVtSI1XNGKCmxvXj2+wCpx+p3Cz1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)
-
watermark
100000
Targets
-
-
Target
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd
-
Size
208KB
-
MD5
8a6544e11caea82f2db9a970e84ebfff
-
SHA1
a93f4d26a115de270e05c1dbdb06fb03bca5ce76
-
SHA256
787d82c17232ca518cfd166d1b304ce2d1440167b384bcff104fdf6378f6b5fd
-
SHA512
7896d95c2db13dc22c0966ee9027cb1ac93c2d2465f3fb7de7b75035f0bd3ca2f3913a0126ea68bea6c1130bebfb5d97581165ead067cd8d1ff6c9de87f6702d
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUWY5W9:LIDff9D8C6XYRw6MT2DEj
Score: 3/10