General
-
Target
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
-
Size
5.9MB
-
Sample
231212-bakaxsddg3
-
MD5
87a929b09075325dda765e2cb9d3d22b
-
SHA1
ff0217003de40fef22d4b6e8e0366c4177c77e59
-
SHA256
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
-
SHA512
813c202297bf022be93fd659aa5a4ce63c16c23b2585a75cecc3d740ebc892a01f46469b9200a60a1fa5f8ceb2f3c0e8e4ed715ac44c522a7cfa19bbfeb60979
-
SSDEEP
49152:+eUfzW9lg4sE5iXpi1UplYhXYRGADTBOdFsK4/JWAZe39RK7JtcxorYiTiX8dJNr:eCbkE5MpDZ/JiYtcNg5UA6JE3YrvsWh
Static task
static1
Behavioral task
behavioral1
Sample
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
cobaltstrike
12345
http://newstibulum.com:443/market-driven
-
access_type
512
-
beacon_type
2048
-
host
newstibulum.com,/market-driven
-
http_header1
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
-
http_header2
AAAAEAAAABVIb3N0OiBuZXdzdGlidWx1bS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABhBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADQAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5888
-
polling_time
50
-
port_number
443
-
sc_process32
%windir%\syswow64\gpresult.exe
-
sc_process64
%windir%\sysnative\gpresult.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEu79zcfHVY7ypXZNjl3cFyzq7Tn6e8rqcfowv/sQzcC2Vr/6kLLvY8YvgMUElT16tYuS5o6GE5afOJydlZThiRkMSOhAGjQHZlqXLi8vgLFxJV7mly2zall8jzDd6nC30mBhvkdld10fCqM5wRJ8tfqto3iUVcDjeLIKEy90+LwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/trot
-
user_agent
Mozilla/5.0 (Linux; Android 10; HD1913) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36 EdgA/93.0.961.53
-
watermark
12345
Targets
-
-
Target
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
-
Size
5.9MB
-
MD5
87a929b09075325dda765e2cb9d3d22b
-
SHA1
ff0217003de40fef22d4b6e8e0366c4177c77e59
-
SHA256
0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
-
SHA512
813c202297bf022be93fd659aa5a4ce63c16c23b2585a75cecc3d740ebc892a01f46469b9200a60a1fa5f8ceb2f3c0e8e4ed715ac44c522a7cfa19bbfeb60979
-
SSDEEP
49152:+eUfzW9lg4sE5iXpi1UplYhXYRGADTBOdFsK4/JWAZe39RK7JtcxorYiTiX8dJNr:eCbkE5MpDZ/JiYtcNg5UA6JE3YrvsWh
Score 10/10 -