General
-
Target
oci.zip
-
Size
210KB
-
Sample
231015-fax91ada9x
-
MD5
c02a6c513f66ceabea966a8658d5d1f2
-
SHA1
6ab97d10bc10964a4d7066feaf9a1aeea3671cd0
-
SHA256
126de5fbab3e23ba914ee715b60df1acd7f8d7116a4ed17db09669b41b40ad81
-
SHA512
08c81b5f5ddc38c9f9b85901ac9775880464fe1c2064313e9ae4e785db4a11c7a255c50c17ccf461c38e766eaccfdbb74586bc77354dea85d19f5eedd64bf820
-
SSDEEP
6144:Avos1O0DMiOGeZlRHoCZkmVT0h6pmBuUJhKo8iq2FALy1kkI3dc:Aws4KMFih6hLj27I32
Static task
static1
Behavioral task
behavioral1
Sample
oci.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
oci.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
426352781
http://corp-sbt.company:53/zC
-
access_type
512
-
beacon_type
256
-
host
corp-sbt.company,/zC
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
53
-
sc_process32
%windir%\syswow64\wbem\wmiprvse.exe -Embedding
-
sc_process64
%windir%\sysnative\wbem\wmiprvse.exe -Embedding
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGansJ7mCLGdtVFTAJlLG5+1HWoHiw/xwZ+9hp4Qkcs3jZPJcxS35msi9EY6SfnthfKNn4EZS4At9BMSjQTA4KPmsR4mfU7VTpzsUnokI+RqG50nhmFdeM0RlSHOP/nmASEpMD3UsENV6DPrlNCvOEG5+oKAMXNpU9v3E0oRWjFQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.153059584e+09
-
unknown3
1.610612736e+09
-
watermark
426352781
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
oci.dll
-
Size
529KB
-
MD5
977f2033e088034cdb05d6704969a84d
-
SHA1
68e6bf7eccca4482133368035b21d729b72b2beb
-
SHA256
ab50b3e2c03bddc7bb81cf7d9cd11b9abdbe1bc551a7b64e64f4e94807fc75c5
-
SHA512
bc7f7286bf04159c14211ff7b551a8f513437dd390b5cd57e78bcdb295936bc2c02eaab4b8d6b2b1ed2facb0bc0c5d81253a4a4d265bbd913bd1136455783b8b
-
SSDEEP
12288:OtX0V5RIbQvA8A0ag0r81Qmeh6YnocpXAFgzY:OERnC6YocpXAFgzY
Score 10/10
-
Drops file in System32 directory
-