General
-
Target
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c
-
Size
2.7MB
-
Sample
231123-fsdy3sha2v
-
MD5
e896e5f902599da386986e6730cc9e3f
-
SHA1
4de0e53d601ad63b16b6bf0473679173160ac027
-
SHA256
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c
-
SHA512
b5e6c65175ad28a9b20cf73e62d1ed5365376eb3b136dac6936873724f1ef1549bd2847e44c0e2fcb582944688e30048daba97469709ff265f205a601fc589a4
-
SSDEEP
49152:JSg75I7wCrpm6CXDvX/m9F+oPEUf99cYP:JtmuDvX/m9kYfB
Static task
static1
Behavioral task
behavioral1
Sample
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
100000
http://10.211.55.2:80/fwlink
-
access_type
512
-
host
10.211.55.2,/fwlink
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD2hb3WLcc6220uC8Q0Bu0LiTxzrqVEUdevL8oSRxropQVhIjZS4FI5sPRC/H9D1dP8sJf7fa/R/S98HeRvkI3uMQ9mzhIWLBVCZDvNbQBZ0g+xkh0WYri84W2GdFK4DB59FtVz9ebmPtoN4rxFwbBgUhJcqfUU4uhhOKVHs/EUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c
-
Size
2.7MB
-
MD5
e896e5f902599da386986e6730cc9e3f
-
SHA1
4de0e53d601ad63b16b6bf0473679173160ac027
-
SHA256
05ad43f3cfbeb5dc4c486f21cba31bbda392dc4e173cf5adeda74895913aed0c
-
SHA512
b5e6c65175ad28a9b20cf73e62d1ed5365376eb3b136dac6936873724f1ef1549bd2847e44c0e2fcb582944688e30048daba97469709ff265f205a601fc589a4
-
SSDEEP
49152:JSg75I7wCrpm6CXDvX/m9F+oPEUf99cYP:JtmuDvX/m9kYfB
Score 10/10