General
-
Target
13555199110.zip
-
Size
153KB
-
Sample
231213-r75k5aebhn
-
MD5
d8bee6b1757d8f919cac3a90174dcd75
-
SHA1
57a281978d83907b411260322163e3b79ad3cf9b
-
SHA256
83ac4594d1792825e1ac86f2ad942e98dc16b101198153d05dda9d3996f1117f
-
SHA512
988b5e29a3cadcf815df56362a81e20efe2fdf37ac9f2231a00f31a26b1847fadcf169624bf5936e8821c2023e2b5f516f0869a4c02bcc0cc40808df3455aa60
-
SSDEEP
3072:HzMKx73nmps8ru8x0YdgBz56fM91quwynchWEpzvOFpG0qRSJdJYYW8x:TMc72uSuhoM91qJynYrv2YSvJU8x
Static task
static1
Behavioral task
behavioral1
Sample
7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
cobaltstrike
305419896
http://arress.windowshostnamehost.club:8585/load
-
access_type
512
-
host
arress.windowshostnamehost.club,/load
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
8585
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkqdHg/Ebl2vtRtNlho+WOcoJ9lHotN4eMNnfu0GHcLLqNs95QLnt6HMeQ/WcQNE0s5wmoD64wS5/k6W/TmYgU8ogys1Oc6fRNtLDM33vxTwI+jrnIp9iAG+L4qrj/JuFzyvZRka9eCM/iRDmU3xVKS0iKzEIVNU/F3Ur+DiRUPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)
-
watermark
305419896
Targets
-
-
Target
7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737
-
Size
278KB
-
MD5
edf862421a6e7cf3a1e5d113d8cf10fa
-
SHA1
1fc7581ce5fdb8a3c774af26400cafa2774ad647
-
SHA256
7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737
-
SHA512
0e1f57ea257eac68962efdfdb297c542e107616b76e828ed805c787408e05cdd77ca3d2e32ea62059e27e4213cec5f66a80d40036eeeb3fe0671e8371213d62e
-
SSDEEP
6144:RRVSXK+mp6M+T4K1mnj9Ua7YgUFFvlO3G:RvSXK+mp6MuRw9neFvlqG
Score 10/10