Resubmissions

11-01-2024 14:51

240111-r8jp2safg8 10

18-12-2023 13:56

231218-q8n44acdg8 10

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2023 13:56

General

  • Target

    10e68f3e6c73161a1bba85ef9bada0cd79e25382ea8f8635bec4aa51bfe6c707.exe

  • Size

    13KB

  • MD5

    99516071d8f3e78e51200948bf377c4c

  • SHA1

    59fe505b24bdfa54ee6e4188ed8b88af9a42eb86

  • SHA256

    10e68f3e6c73161a1bba85ef9bada0cd79e25382ea8f8635bec4aa51bfe6c707

  • SHA512

    4fa7de0e3ceef3231405da70f234b140120568ba5b116f04848cd2f0452213baa05638db8efacf74c8f8b65db7c974e6a49aff34449d7007049921ee93119678

  • SSDEEP

    192:iWuo0OdEZbue7hTthpz5/y9eO5tfwcKExzp:xEwkhZFfN+zp

Malware Config

Extracted

Family

cobaltstrike

C2

http://mail.googlesmail.xyz:2096/home/indexs

Attributes
  • user_agent

    Host: mail.googlesmail.xyz Accept: */* Accept-Encoding: gzip, deflate Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

1234567890

C2

http://mail.googlesmail.xyz:2096/api/upload/image

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    mail.googlesmail.xyz,/api/upload/image

  • http_header1

    AAAAEAAAABpIb3N0OiBtYWlsLmdvb2dsZXNtYWlsLnh5egAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAXQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwAAAAHAAAAAAAAAA0AAAACAAAAMFNFU1NJT05JRD1BRUpVTDI0TTIzNEwxM0kwQzgxNEtaS0xJT1pMTEFXRTtkYXRhPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABpIb3N0OiBtYWlsLmdvb2dsZXNtYWlsLnh5egAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAXQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwAAAAHAAAAAAAAAA8AAAANAAAABQAAAAN1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    20000

  • port_number

    2096

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkC2SRh1hyO73pp9PRYlqeqiwBZm/HxDLtVuEJxAf7dzukLxiq++odfLLQ6MB+4hVknTJAHM9+FWz/O8NN5hSRdjYlyHq3s9fVgMMrh2Rt/JhhJApFsU8tKIJVPUbvs9K6PnBozyo60spLEYz5CIMJqOJrEODvzpmuUCdr1u95CQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.599476992e+09

  • unknown2

    AAAABAAAAAEAAABfAAAAAgAAAKgAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /web/upload/image

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36

  • watermark

    1234567890

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\10e68f3e6c73161a1bba85ef9bada0cd79e25382ea8f8635bec4aa51bfe6c707.exe
    "C:\Users\Admin\AppData\Local\Temp\10e68f3e6c73161a1bba85ef9bada0cd79e25382ea8f8635bec4aa51bfe6c707.exe"
    1⤵
      PID:2864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2864-0-0x0000025C00B50000-0x0000025C00B51000-memory.dmp
      Filesize

      4KB

    • memory/2864-2-0x0000025C02940000-0x0000025C02D40000-memory.dmp
      Filesize

      4MB

    • memory/2864-3-0x0000025C02D40000-0x0000025C02D8E000-memory.dmp
      Filesize

      312KB

    • memory/2864-4-0x0000025C02D40000-0x0000025C02D8E000-memory.dmp
      Filesize

      312KB