General
-
Target
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
-
Size
3.2MB
-
Sample
231124-fpvsesff63
-
MD5
8505de0532f6dcdce9a0eedc15228a50
-
SHA1
aaf78ac7130521636386cf5b3538af7b831c96c0
-
SHA256
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
-
SHA512
4436b3ad9d1c573f0f0f6811a00887c4e54a0698419f6cf102b5a4043496e47e98bbdc8823e80b7e120906fa9c777cbe40c909c0653a91f63b7a4e48c1781e96
-
SSDEEP
384:070YVXelUmwKqxUXssZgQ0o9hRJR/JScyriS/UriBP3y86k6aJvZkPq0/X/C3aq5:S0Ibx5
Static task
static1
Behavioral task
behavioral1
Sample
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
cobaltstrike
1359593325
http://cdn.checkavail.space:80/maps/overlaybfpr
-
access_type
512
-
host
cdn.checkavail.space,/maps/overlaybfpr
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAAMAAAACAAAABF9TUz0AAAACAAAAEFNSQ0hEPUFGPU5PRk9STTsAAAAGAAAABkNvb2tpZQAAAAkAAAAYcT1zYW4lMjBkaWVnbyUyMGNhJTIwem9vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAQAAAA0AAAACAAAACFNSQ0hVSUQ9AAAAAgAAABBTUkNIRD1BRj1OT0ZPUk07AAAABgAAAAZDb29raWUAAAAHAAAAAAAAAA0AAAAFAAAAA2xpZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
6912
-
polling_time
37500
-
port_number
80
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZPXyc5X1SZqJC6AxuXPnxJkqiEiLnDd8mEoYUZSyCUiOkst5+Q91822ewD7x4o/85eBwhd8EoUWUQfyotqfzHRak0P4pNM85tfIHB7HJKWxG7orVkSqh/zzHUbRaBsugPVE7LE93OvlsAY4Q1GMY95k+5pU4tm3/4w3HrcjORcwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.646887168e+09
-
unknown2
AAAABAAAAAEAAAiUAAAAAgAAAe0AAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/maps/search
-
user_agent
Mozilla/5.0 (Windows NT 6.3; MSIE 9.0; Trident/7.0; rv:11.0) like Gecko Firefox
-
watermark
1359593325
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
-
Size
3.2MB
-
MD5
8505de0532f6dcdce9a0eedc15228a50
-
SHA1
aaf78ac7130521636386cf5b3538af7b831c96c0
-
SHA256
32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
-
SHA512
4436b3ad9d1c573f0f0f6811a00887c4e54a0698419f6cf102b5a4043496e47e98bbdc8823e80b7e120906fa9c777cbe40c909c0653a91f63b7a4e48c1781e96
-
SSDEEP
384:070YVXelUmwKqxUXssZgQ0o9hRJR/JScyriS/UriBP3y86k6aJvZkPq0/X/C3aq5:S0Ibx5
Score10/10 -