General
-
Target
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
-
Size
8.3MB
-
Sample
231026-pk9kfsdd42
-
MD5
547812b55e623a1af8565c9c26289019
-
SHA1
6e10c2bb4bf13f924133c69cafc3fa14c990b2f6
-
SHA256
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
-
SHA512
43c109627cd846d05fdeb34fcdb045ca8b54008cf202d3a0e577c50f8afe21fe6076942454c27ad69a40c3bccf6c2288eedc1441d4e81fcb369304216d53ecda
-
SSDEEP
196608:hqaJnq7iIE7SRpoOQjMy89onJ5hrZEnhbJMFjfWPZYipII/KHKA:pNq7iIE7YojQy89c5hlEnhyFzWPZY8K
Behavioral task
behavioral1
Sample
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
cobaltstrike
100000
http://103.234.72.74:80/ptj
-
access_type
512
-
host
103.234.72.74,/ptj
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybHRyeXRyeWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
37500
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPxVlBaGI4obe2z04qn+7a1HHvNEcc2uuUx8A1vtcLoA/MFTUpUAmA2Qs3QqTGjaNAhTW5nEG1x2X8WCOY2334WSaUxWsYXK88UZ2GWdiKiR8q851lzWvNh0ArfveFFQF+845wP/aJQ1Kv1bHUpxP+w0zFwKbKdVwuaZHF5dIHCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/windowsxp/updcheck.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
100000
Targets
-
-
Target
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
-
Size
8.3MB
-
MD5
547812b55e623a1af8565c9c26289019
-
SHA1
6e10c2bb4bf13f924133c69cafc3fa14c990b2f6
-
SHA256
8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
-
SHA512
43c109627cd846d05fdeb34fcdb045ca8b54008cf202d3a0e577c50f8afe21fe6076942454c27ad69a40c3bccf6c2288eedc1441d4e81fcb369304216d53ecda
-
SSDEEP
196608:hqaJnq7iIE7SRpoOQjMy89onJ5hrZEnhbJMFjfWPZYipII/KHKA:pNq7iIE7YojQy89c5hlEnhyFzWPZY8K
Score 10/10
-
Loads dropped DLL
-