Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
14-10-2023 01:03
Static task
static1
Behavioral task
behavioral1
Sample
dns.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
dns.exe
Resource
win10v2004-20230915-en
General
-
Target
dns.exe
-
Size
281KB
-
MD5
f14e748100a40b9afcd937951e697a55
-
SHA1
1dab262d6d80e0ae5f58f6a3874d5429bd4d4ff8
-
SHA256
905fea59529123c399c9e890680d6b4f63428863a3a25c69dce7631e7b364c75
-
SHA512
24cb4f0274bdad6a3c97986d2e59c6225ea955cce2db3e909d462ef33dfe18631a57f6701bda2c6107b8bfb70f4faa983e73f9799bbaf66dab3dd0f4540944e4
-
SSDEEP
6144:tCcGo5zip07w7EI4/FQy6J06xs0UcaeIgvEn:pGAs0UII4/FGCalIKw
Malware Config
Extracted
cobaltstrike
100000
http://ns1.pwns.fun:53/api/x
http://ns2.pwns.fun:53/api/x
-
access_type
512
-
beacon_type
256
-
host
ns1.pwns.fun,/api/x,ns2.pwns.fun,/api/x
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
3000
-
port_number
53
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.