General
-
Target
8a881d784c1144a9c144288ff98fd84db0165fbddffbda16da983eaad13ac2eb
-
Size
363KB
-
Sample
231203-t2j4cadc6y
-
MD5
844cabf7df93b2dcc4578f6fec951dd9
-
SHA1
8be2362bafc4ebc6f5643a4b591b1b9e6ce7a2ed
-
SHA256
8a881d784c1144a9c144288ff98fd84db0165fbddffbda16da983eaad13ac2eb
-
SHA512
715b1f3e47c3afe44b22dd9ee9ee7c2b824c37343ca1633259fadbbde36f42cdb8ea974ee1cc575d61c34db3f8cd8c6606123564261de82220c019c18792914d
-
SSDEEP
6144:gexR0RqPHU959bQApoKAz3Snx/3mmDXFiIey6R4Kxg13T8j7GoKDPGTmmA:5uqPAoKAz3Sx/3dViIy4Kxg13T8j7Go/
Static task
static1
Behavioral task
behavioral1
Sample
8a881d784c1144a9c144288ff98fd84db0165fbddffbda16da983eaad13ac2eb.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
8a881d784c1144a9c144288ff98fd84db0165fbddffbda16da983eaad13ac2eb.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
cobaltstrike
391144938
http://121.40.254.24:8724/ptj
-
access_type
512
-
host
121.40.254.24,/ptj
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8724
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
unknown1
4096
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0
-
watermark
391144938
Targets
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-