General
-
Target
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e
-
Size
210KB
-
Sample
231214-m3wp7sdbar
-
MD5
14d636b4ae9a5d608cd3172eb2f6705b
-
SHA1
ef0e6a3c2b1f72d3a8a1c64c6ed92797ffb9b023
-
SHA256
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e
-
SHA512
3c41aff1da38dae9ceb784b154dca430f7aeaa888b978dffc7c8d27d96c0637976654b4f3f285b37c2d866342552334d3032865f0c6c068a6afd67af6cc9f575
-
SSDEEP
3072:YnT2RRXuwcN3OQX0GIGATr9VV2ILe126JyTuBdjdUk40vGcrZQRjc:YwXupN1gBbRLDTuLjrvp
Behavioral task
behavioral1
Sample
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e.dll
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e.dll
Resource
win10v2004-20231130-en
Malware Config
Extracted
cobaltstrike
1359593325
http://161.129.34.132:80/expresscart/list
-
access_type
512
-
host
161.129.34.132,/expresscart/list
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
11264
-
polling_time
5954
-
port_number
80
-
sc_process32
%windir%\syswow64\getmac.exe
-
sc_process64
%windir%\sysnative\powercfg.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYGiQA4NH4xzGSxLy66R8cfPYkaBuWdxeiElgzgD6ZXQTq55lsYbxiHdHG33Szimd04DbL2hSSPrjnQOkP8PBwK8+rEZsLsGXxLhgtHHIBImyx23WFjlD4CHsv9mY4HGRBJ4x6X9KGPYqbQv52Y5G7vyRKFuiQDLRkbP5du/jxlQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.281758464e+09
-
unknown2
AAAABAAAAAEAAAkAAAAAAgAAB/AAAAADAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/checkout/cartSplit/getTotalPrice.do
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0
-
watermark
1359593325
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e
-
Size
210KB
-
MD5
14d636b4ae9a5d608cd3172eb2f6705b
-
SHA1
ef0e6a3c2b1f72d3a8a1c64c6ed92797ffb9b023
-
SHA256
13c27ea6ba97123ffc3cb0a55bae4b2b39a7b3ad3847dfeefe3a742ff76e4a6e
-
SHA512
3c41aff1da38dae9ceb784b154dca430f7aeaa888b978dffc7c8d27d96c0637976654b4f3f285b37c2d866342552334d3032865f0c6c068a6afd67af6cc9f575
-
SSDEEP
3072:YnT2RRXuwcN3OQX0GIGATr9VV2ILe126JyTuBdjdUk40vGcrZQRjc:YwXupN1gBbRLDTuLjrvp
Score 10/10