General
-
Target
23dc55890bd5e850901c92c1bff95fff
-
Size
856KB
-
Sample
231231-ch92zsbhaj
-
MD5
23dc55890bd5e850901c92c1bff95fff
-
SHA1
a06e20780d409b93509900b336652f0d2e504a5c
-
SHA256
ca2cf63bbe9687eb96d05fe81a6aa2b452e38c53640454ac45f62f3d2f18cc46
-
SHA512
de228f7f7b614f0dc27288602767866324703be1f29c099597069c3572af08389ddaa07678871a84d0743c00612c311429c888694dff97301922aa6cdf6370b4
-
SSDEEP
1536:cyyzxR7Wgecj7aB5Y+f7WWu+Uyg33puiFBjZB3YtGkTOhtecuTKvMJ0Fu09sf3Q6:cY
Static task
static1
Behavioral task
behavioral1
Sample
23dc55890bd5e850901c92c1bff95fff.ps1
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
23dc55890bd5e850901c92c1bff95fff.ps1
Resource
win10v2004-20231222-en
Malware Config
Extracted
cobaltstrike
305419896
http://web.symanteccdn.com:53/_/scs/mail-static/_/js/
-
access_type
512
-
beacon_type
256
-
dns_idle
1.34744072e+08
-
host
web.symanteccdn.com,/_/scs/mail-static/_/js/
-
http_header1
AAAABwAAAAAAAAADAAAAAgAAAAVPU0lEPQAAAAYAAAAGQ29va2llAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAAZETlQ6IDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACQAAAA11aT1kMzI0NGM0NzA3AAAACQAAAAtob3A9NjkyODYzMgAAAAkAAAAHc3RhcnQ9MAAAAAoAAAA9Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD11dGYtOAAAAAcAAAAAAAAAAwAAAAIAAAAFT1NJRD0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
maxdns
255
-
polling_time
50000
-
port_number
53
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBRb6drQE84GpU2j1hqgNtb6/jpxufM6HE1LOOUiemMUsM/z4UmbWhLbgPoflld9u3NWXTIOlOxE9NW53/9EaTNcwG+ac0GyK1Ks67vwXFnHxJtSR0ofbJ2fMuSG//6cRsYvkI15eCv6VKtmtnMZykoGf+6+CQt+9KA2hfKvTTWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.37071616e+08
-
unknown2
AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mail/u/0/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)
-
watermark
305419896
Targets
-
-
Target
23dc55890bd5e850901c92c1bff95fff
-
Size
856KB
-
MD5
23dc55890bd5e850901c92c1bff95fff
-
SHA1
a06e20780d409b93509900b336652f0d2e504a5c
-
SHA256
ca2cf63bbe9687eb96d05fe81a6aa2b452e38c53640454ac45f62f3d2f18cc46
-
SHA512
de228f7f7b614f0dc27288602767866324703be1f29c099597069c3572af08389ddaa07678871a84d0743c00612c311429c888694dff97301922aa6cdf6370b4
-
SSDEEP
1536:cyyzxR7Wgecj7aB5Y+f7WWu+Uyg33puiFBjZB3YtGkTOhtecuTKvMJ0Fu09sf3Q6:cY
Score: 10/10