General
-
Target
e7a1ddc709983e28e359e14b22bdb3070288982bc0b0c8818ea18c77b5563898
-
Size
166KB
-
Sample
231204-exln2sgh7s
-
MD5
5941d11fa4b383a5cdfb7d3dfaafe73f
-
SHA1
864424a7b18b0e706657877d7712a62fc621e755
-
SHA256
e7a1ddc709983e28e359e14b22bdb3070288982bc0b0c8818ea18c77b5563898
-
SHA512
dc9bb253b665c6be3a7bceb1b6ee30c5e75d2bb57e9c301c6ebb7e94e6a97d3e548d8ae8c4dded1ee147c0d6a3a1ada38132a1cdc502035f32a153d9cc397e0b
-
SSDEEP
3072:xHeDhQiGe57svqK6hljkKJwJZR0/eqovL4kCe2nweXhxErB/pm/xKpaklwk:xeQiGetsHgxktFLXCedeXhc/pmGakl1
Malware Config
Extracted
cobaltstrike
391144938
http://240e:335:6a00:8880:20c:29ff:fe38:16d7:5555/IE9CompatViewList.xml
-
access_type
512
-
host
240e:335:6a00:8880:20c:29ff:fe38:16d7,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
5555
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfaBmJGMIb0nueRb+18Jn6axcaI9v1iEoIa10VNQFi+aP+Ydi1hz6dL2gUqvxMspi5YzXyX8NOhR+U9NJGIlA5iwD6WfFa1uHQ837yBIZ+XzrwdgENFU/wTrpDl5WDndmAbcJheT7IKeHPy0KxeWmOxBY6I4+UswVqrWuNAy3yFQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)
-
watermark
391144938
Targets
-
-
Target
e7a1ddc709983e28e359e14b22bdb3070288982bc0b0c8818ea18c77b5563898
-
Size
166KB
-
MD5
5941d11fa4b383a5cdfb7d3dfaafe73f
-
SHA1
864424a7b18b0e706657877d7712a62fc621e755
-
SHA256
e7a1ddc709983e28e359e14b22bdb3070288982bc0b0c8818ea18c77b5563898
-
SHA512
dc9bb253b665c6be3a7bceb1b6ee30c5e75d2bb57e9c301c6ebb7e94e6a97d3e548d8ae8c4dded1ee147c0d6a3a1ada38132a1cdc502035f32a153d9cc397e0b
-
SSDEEP
3072:xHeDhQiGe57svqK6hljkKJwJZR0/eqovL4kCe2nweXhxErB/pm/xKpaklwk:xeQiGetsHgxktFLXCedeXhc/pmGakl1
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-