User tags
Assigned on submission by the user, not by sandbox detections.
General
-
Target
火绒.exe.1
-
Size
9.6MB
-
Sample
231207-y4n8asfd29
-
MD5
180672edc8f3976d1d3c753243dcc7a7
-
SHA1
676fb839d81259e3455d1e86703589111c47f3b7
-
SHA256
7ddb232a675e2a4a1cc2d23c2c3f622ba55b39ee5e61d1acf50e71381a6bc7da
-
SHA512
58c6897056c41ee360d6f5e6e80aca96314e7ec225909af5fef81dcae3270d90beca13bb6dd3ac7d3efb772c7641cea18ef3c85f91a564bf6d6b698acfaa0c6f
-
SSDEEP
196608:lgE4nd8QO87G50mr2puHUHNT29onJ5hrZEOe9tGPqKPNqTbCGRWJ9h:+E4GW7GKmr2pu0tT29c5hlEcPNA3Pg
Malware Config
Extracted
cobaltstrike
391144938
http://117.50.163.113:8111/js/main.js
-
access_type
512
-
host
117.50.163.113,/js/main.js
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAQSG9zdDogbWVkaWF2LmNvbQAAAAoAAAAgUmVmZXJlcjogaHR0cHM6Ly93d3cubWVkaWF2LmNvbS8AAAAHAAAAAAAAAA0AAAACAAAACHNlc3Npb249AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACQAAAB1uZXh0PSUyRmFkZCUyRmNyZWF0ZSUyRnNob3dpZAAAAAoAAACPQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAACgAAABxVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxAAAAEAAAABBIb3N0OiBtZWRpYXYuY29tAAAABwAAAAAAAAAPAAAADQAAAAUAAAAHbG9nZm9ybQAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
500
-
port_number
8111
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtELbD69mDAu2VN13EyEvVBnViy+q90bBqVNerdBK1Ywkq/RXvBXReu5btWHSHdHcVt1kaXBvRPCdPa6wn9CRJPBlkLd36Eih5lKazX5YSBHDJy9o0IWgn3JHfbp+8ld+PBqflzwYQu57MM5zhrdcnQCjXLjpV84Ezr5hJr35tawIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.002130176e+09
-
unknown2
AAAABAAAAAIAAAEcAAAADQAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/login
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
-
watermark
391144938
Targets
-
-
Target
火绒.exe.1
-
Size
9.6MB
-
MD5
180672edc8f3976d1d3c753243dcc7a7
-
SHA1
676fb839d81259e3455d1e86703589111c47f3b7
-
SHA256
7ddb232a675e2a4a1cc2d23c2c3f622ba55b39ee5e61d1acf50e71381a6bc7da
-
SHA512
58c6897056c41ee360d6f5e6e80aca96314e7ec225909af5fef81dcae3270d90beca13bb6dd3ac7d3efb772c7641cea18ef3c85f91a564bf6d6b698acfaa0c6f
-
SSDEEP
196608:lgE4nd8QO87G50mr2puHUHNT29onJ5hrZEOe9tGPqKPNqTbCGRWJ9h:+E4GW7GKmr2pu0tT29c5hlEcPNA3Pg
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Loads dropped DLL
-