General
-
Target
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771
-
Size
259KB
-
Sample
231022-qra6xaae76
-
MD5
3f63e2a38ace85a22afc82a2bd15906b
-
SHA1
ad91e4474e0889667fa8a02e6d2a928f1fbc561a
-
SHA256
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771
-
SHA512
cb2e24e7eab6df06a4f68f6f0f73010b6b3d74c9c09d1995cf54b4e09e0afc01c7aa5d927f6c8e0e3636a2a670ab5693e43a506f89c5e11599d3074a7bd2ebf7
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90a5BXTH/:u3d6tevoxpBXj
Behavioral task
behavioral1
Sample
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771.dll
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
100000
http://103.234.72.214:1666/pixel.gif
-
access_type
512
-
host
103.234.72.214,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
1666
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3XExQHTGi1JQ8uO72GjcLGC8tS1OJ+I8VE48LC7/SZV9z6iwUQhMh3urLGjr8m0xjzcEyqtkzt11cALA7R2Yp8Uaz/jmT3ZqyenOs1klcT6/iYoJmuq0DAsYPQce8m67+dEqx7nlXLkmrPs+utXGBhp/cuVshBoyGSY+pVWXz1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)
-
watermark
100000
Targets
-
-
Target
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771
-
Size
259KB
-
MD5
3f63e2a38ace85a22afc82a2bd15906b
-
SHA1
ad91e4474e0889667fa8a02e6d2a928f1fbc561a
-
SHA256
08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771
-
SHA512
cb2e24e7eab6df06a4f68f6f0f73010b6b3d74c9c09d1995cf54b4e09e0afc01c7aa5d927f6c8e0e3636a2a670ab5693e43a506f89c5e11599d3074a7bd2ebf7
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90a5BXTH/:u3d6tevoxpBXj
Score1/10 -