General
Target
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8
Size
259KB
Sample
231014-a8le7sac77
MD5
b0eaead88c038d123c0daa06c3278a7b
SHA1
406997795ddc7e0d0e475d49a1d6f128d9c39e75
SHA256
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8
SHA512
e720b17557094a64536de31afa7c4074f30e0d7da48219bad24a8054ccee7c09ce4e819569c22bfb836746ea9f7fd399a3870b28a2d4050d17f32e3aff5b8f75
SSDEEP
3072:REX+XSzARN6v+Xkce1Z53/gpErbJ21TjPThZb2fQgEz6i0ZcV9CYJYiK+80:REX5ye1bIpErbaTSI5z6i0cCX+
Behavioral task
behavioral1
Sample
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://ns1.pwns.fun:53/api/x
http://ns2.pwns.fun:53/api/x
access_type
512
beacon_type
256
host
ns1.pwns.fun,/api/x,ns2.pwns.fun,/api/x
http_method1
GET
http_method2
POST
maxdns
255
polling_time
3000
port_number
53
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
watermark
100000
Targets
Target
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8
Size
259KB
MD5
b0eaead88c038d123c0daa06c3278a7b
SHA1
406997795ddc7e0d0e475d49a1d6f128d9c39e75
SHA256
02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8
SHA512
e720b17557094a64536de31afa7c4074f30e0d7da48219bad24a8054ccee7c09ce4e819569c22bfb836746ea9f7fd399a3870b28a2d4050d17f32e3aff5b8f75
SSDEEP
3072:REX+XSzARN6v+Xkce1Z53/gpErbJ21TjPThZb2fQgEz6i0ZcV9CYJYiK+80:REX5ye1bIpErbaTSI5z6i0cCX+
Score 1/10