General
Target: Adobe Acrobat Font Set 5.1.12.msi
Size: 844KB
Sample: 231116-jhqfxahe4w
MD5: 764a6683659731c012f317be51f78fae
SHA1: d397ea3c9a83184caa5e18ed0b86104ad6575ec3
SHA256: 461ba29d9386de39071d8f2f7956be21fb4fa06df8dd1db6dec3da0982e42f9f
SHA512: d38eee0b0b22f03dee71b55b3bd43d2ad28977bc946b62eb6f15d997e3efa804f2572fe57b928a53b8c3ba6a0ebd37664d82bff769d0e79e8e599a629ff85642
SSDEEP: 12288:9jtM8VQaL5Rop6DMV6hY+T0c1PCeKgJwjIfqlI1HPgsJcDOI706AnL+X2g:saN46m6yc0c1qeK7AJGdBAnL+Gg
Static task: static1
Behavioral task: behavioral1
Sample: Adobe Acrobat Font Set 5.1.12.msi
Resource: win10v2004-20231020-en
Malware Config
Extracted: cobaltstrike
12345
http://geocitesbbc.com:443/callable
access_type: 512
beacon_type: 2048
host: geocitesbbc.com,/callable
http_header1:
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAHTFhHVUlEPQAAAAYAAAAGQ29va2llAAAACQAAAA9pbnRlcnJ1cHQ9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
http_method1: GET
http_method2: POST
jitter: 9984
polling_time: 42
port_number: 443
sc_process32: %windir%\syswow64\w32tm.exe
sc_process64: %windir%\sysnative\w32tm.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLM4J9O0m8TuhWhBdQoftl0i+1WQjhrUo8jlgb4wxjeOVKkNflC1MTu6xKTC/wBhEb0MBMChes1WKMTP1oCIqkmdBUvFpyzW8IRUXQkJ+1Bb4ynGMUd4Js14t35sbJNxhp5lRGsd0jpsQgBqby6GpXot0wRvYxp6p3oLNDY/uPywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 3.025605888e+09
unknown2:
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /switch
user_agent: Mozilla/5.0 (Linux; Android 11; CPH2127) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
watermark: 12345
Targets
Target: Adobe Acrobat Font Set 5.1.12.msi
Score: 10/10
Blocklisted process makes network request
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.