General
-
Target
3f27e8254b53678af0b5863a9a54304f
-
Size
190KB
-
Sample
231219-rhe9yaefa3
-
MD5
3f27e8254b53678af0b5863a9a54304f
-
SHA1
3ed13e2d8891eb91c0fde26c780e7eea79358e11
-
SHA256
ed35fa431d116906fcdd3a2128301eb393cc25948d37be089142446cf93546ea
-
SHA512
3490f6d4e54112c860c4da05a34eaa8215c8c4f95c4830edb8d4d3c0e3abe0cc28f3299a9af0506c52ac317e0e78d66c1440320d95f5cae341b2974870d0dc6c
-
SSDEEP
3072:e/pd7wTQey1dfhI4Ih5+G3Q6694B92EWvPp/pHNvoVsej5Hb6zik:eRQ+fhIlT/04B985v2zbk
Behavioral task
behavioral1
Sample
3f27e8254b53678af0b5863a9a54304f.ps1
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3f27e8254b53678af0b5863a9a54304f.ps1
Resource
win10v2004-20231201-en
Malware Config
Extracted
cobaltstrike
426352781
http://45.141.79.119:80/push
-
access_type
512
-
host
45.141.79.119,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNG0JqAnzpb7S5Hwz8H+vmtlTHr0slO36ILE4OTU/PEHfQY0mlzmwI1h1hlIBac+Ufp1CsQvLVJtvVQMzsbd9cl6OO25ynJ7udqPATFHIbr6ZwDcBeU5e08zkT5P6Ql+Sor3vzBMUnwkzgQIDZ782we0suwiduJ4PeTpRwTWWIxQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)
-
watermark
426352781
Targets
-
-
Target
3f27e8254b53678af0b5863a9a54304f
-
Size
190KB
-
MD5
3f27e8254b53678af0b5863a9a54304f
-
SHA1
3ed13e2d8891eb91c0fde26c780e7eea79358e11
-
SHA256
ed35fa431d116906fcdd3a2128301eb393cc25948d37be089142446cf93546ea
-
SHA512
3490f6d4e54112c860c4da05a34eaa8215c8c4f95c4830edb8d4d3c0e3abe0cc28f3299a9af0506c52ac317e0e78d66c1440320d95f5cae341b2974870d0dc6c
-
SSDEEP
3072:e/pd7wTQey1dfhI4Ih5+G3Q6694B92EWvPp/pHNvoVsej5Hb6zik:eRQ+fhIlT/04B985v2zbk
Score
10/10
-
Blocklisted process makes network request
-