General
-
Target
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b
-
Size
259KB
-
Sample
231021-k3zqrafc65
-
MD5
1371c7775bc9b5db8ce2e4d4b751f08b
-
SHA1
3bd144e10683821a76c5589d06033b8b3d331e21
-
SHA256
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b
-
SHA512
c0a448eeca2d8815ec64985c55dcc101aedc646ec5a5f3ba4671b515f754ca183a12a80a2b9ef7f3bde776c035b04bc38b06d854199c18961104c0145cf6cc05
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aQKBX7dH/:u3d6tevoxgKBXl
Behavioral task
behavioral1
Sample
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b.dll
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
666666
http://43.138.100.223:10010/cx
-
access_type
512
-
host
43.138.100.223,/cx
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
10010
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxTvaC9DJqJyWpwTPyDLN0gol5s7HRFc2kkkmN10D0Ge7aPJcB56EEqDm/DM2Gy7YNbUncl6sFuZLQhLz5bshGUN1kaajDa7Or4HoGw9kUeD4BGVqOYWEvPIg+NSR1KWHj5JPaEZbp2DRWYwY7u6BJHpWmiwqZa6LSa+zep5XYEwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
-
watermark
666666
Targets
-
-
Target
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b
-
Size
259KB
-
MD5
1371c7775bc9b5db8ce2e4d4b751f08b
-
SHA1
3bd144e10683821a76c5589d06033b8b3d331e21
-
SHA256
68152ba20ba8699b12a14d7f5a8be836f901c36c7015847a9de8a1303c10549b
-
SHA512
c0a448eeca2d8815ec64985c55dcc101aedc646ec5a5f3ba4671b515f754ca183a12a80a2b9ef7f3bde776c035b04bc38b06d854199c18961104c0145cf6cc05
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aQKBX7dH/:u3d6tevoxgKBXl
Score 1/10