General
-
Target
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
-
Size
240KB
-
Sample
231026-qdn6lsbh9z
-
MD5
4fc8198a4f9bb7fc80ca0b720d4cd067
-
SHA1
e8b219ad5d20a772f7a0f9f4da4e24667ad8170c
-
SHA256
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
-
SHA512
6c7bb1e7c6773bb80fff8f193f8f4e42b058aace3cef1e6b7bb2097fbf98a320cc9d7d4bb9b9941468a13ea75901b8db12ced86ae089d150a8424db1bd899377
-
SSDEEP
6144:xcKiFgIvrRjIIRjMFxvaJdQTJ9knQOiON/ZPlYv:xLigSrRFRjMFxvaJWl9WbPmv
Static task
static1
Behavioral task
behavioral1
Sample
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
100000
http://service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com:443/assets/code-3d7b701fc6eb.css
-
access_type
512
-
beacon_type
2048
-
host
service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com,/assets/code-3d7b701fc6eb.css
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5
-
port_number
443
-
sc_process32
%windir%\syswow64\esentutl.exe
-
sc_process64
%windir%\sysnative\esentutl.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfep/TSilfG1bUUWvcuoPniqb1ayJJ7CxTyGLdwTWr1+F6B0SgCOmoP0B3HxpBSE7ZDMQlFpGFePb78MYiWM0Ubwtp8aFLt12xutCsDMHUlp/Ti739hMtPwnpSCjqamGEtwELvj02hojLWq6XAtPgEfum9U/yn4RxH0MS9cxOrzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.702512128e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/qiyi
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
-
watermark
100000
Targets
Target
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
-
Size
240KB
-
MD5
4fc8198a4f9bb7fc80ca0b720d4cd067
-
SHA1
e8b219ad5d20a772f7a0f9f4da4e24667ad8170c
-
SHA256
3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
-
SHA512
6c7bb1e7c6773bb80fff8f193f8f4e42b058aace3cef1e6b7bb2097fbf98a320cc9d7d4bb9b9941468a13ea75901b8db12ced86ae089d150a8424db1bd899377
-
SSDEEP
6144:xcKiFgIvrRjIIRjMFxvaJdQTJ9knQOiON/ZPlYv:xLigSrRFRjMFxvaJWl9WbPmv
Score: 10/10