General
-
Target
NEAS.a442ae5c76072873c8799ce6d53674d0.exe
-
Size
260KB
-
Sample
231021-1ba63shf79
-
MD5
a442ae5c76072873c8799ce6d53674d0
-
SHA1
b59937538aae8bfb005a80d52c13e4a9a822b321
-
SHA256
d58a1d317dab76b48efcba63c84b74949e2a958487cabe350379799b7492f2a7
-
SHA512
e75c1c56b7d23091222ad93b42f24b92daf8bccd51d777ad92c0fd9df1f22d9d3a4c6fec64ef3516d805823e29e1e6dafdaee18df6f094df08e4de14588d50fd
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGl5w9tQYJ1b/S1PGoB:7c0bPzIpt8ahTw8PHA8itQWQvBuE
Behavioral task
behavioral1
Sample
NEAS.a442ae5c76072873c8799ce6d53674d0.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.a442ae5c76072873c8799ce6d53674d0.dll
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
426352781
http://192.168.211.128:80/pixel
-
access_type
512
-
host
192.168.211.128,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRrA1HtdLhwlY+stYJm/kbwjRGqOwb62mg+e06TH/zN6ULirCAETzcqKAT+LF5lN03VQQiJJSLDpzD3TIP7j5ddfpokZBMSjETyde3h/wGvMjD83jM3ODnoygLFbSXPReIDGqKI1L/AN0wkF396OUsR/OsW+TGBpTcxB1wnBCAIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)
-
watermark
426352781
Targets
-
-
Target
NEAS.a442ae5c76072873c8799ce6d53674d0.exe
-
Size
260KB
-
MD5
a442ae5c76072873c8799ce6d53674d0
-
SHA1
b59937538aae8bfb005a80d52c13e4a9a822b321
-
SHA256
d58a1d317dab76b48efcba63c84b74949e2a958487cabe350379799b7492f2a7
-
SHA512
e75c1c56b7d23091222ad93b42f24b92daf8bccd51d777ad92c0fd9df1f22d9d3a4c6fec64ef3516d805823e29e1e6dafdaee18df6f094df08e4de14588d50fd
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGl5w9tQYJ1b/S1PGoB:7c0bPzIpt8ahTw8PHA8itQWQvBuE
Score 1/10