General
-
Target
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
-
Size
2.8MB
-
Sample
231231-xq3m4afaf7
-
MD5
8891a56adac16a116aab1e445a1ff93e
-
SHA1
6a15ba79aa246374af95bede3c3dd79da06675fe
-
SHA256
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
-
SHA512
bc9ebe4413fd02315c3edfd35a71d0a57ed48c16093bf5f5aa28227916d350ce2c8762271a23c1e20a5eeb06001be46cfaa9026dda95b14d31ee4064da49188c
-
SSDEEP
49152:fmOml6Cp1GteSFLWwYsISdG8/GNKy7d5arwjPvRELhEka3PsZ:fDLqGteSFLWFSnc5arKP0h3O
Static task
static1
Behavioral task
behavioral1
Sample
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
12345
http://therealnewhome.com:443/confess.jpgv
-
access_type
512
-
beacon_type
2048
-
host
therealnewhome.com,/confess.jpgv
-
http_header1
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
-
http_header2
AAAAEAAAABhIb3N0OiB0aGVyZWFsbmV3aG9tZS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAADQAAAAMAAAACAAAAC2FjY3VtdWxhdGU9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
17664
-
polling_time
32
-
port_number
443
-
sc_process32
%windir%\syswow64\regsvr32.exe
-
sc_process64
%windir%\sysnative\regsvr32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZePp64wzXaO8lerDxYgqrvYB+0xe1vO6XLGA0wrOn7kE/xAcidhZnTmaHSEHSktTpvgSTetwf/fYl5gd1yTQT/N+zDtEfxLhdYrc/is5I66azE6L3lStP92swsAJZr5s02LJAvanBQmRLCNOZdZX9Eyf85kalauvKV926nXRyAQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/watch
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 OPR/81.0.4196.31 (Edition Yx 05)
-
watermark
12345
Targets
Target
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
-
Size
2.8MB
-
MD5
8891a56adac16a116aab1e445a1ff93e
-
SHA1
6a15ba79aa246374af95bede3c3dd79da06675fe
-
SHA256
ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
-
SHA512
bc9ebe4413fd02315c3edfd35a71d0a57ed48c16093bf5f5aa28227916d350ce2c8762271a23c1e20a5eeb06001be46cfaa9026dda95b14d31ee4064da49188c
-
SSDEEP
49152:fmOml6Cp1GteSFLWwYsISdG8/GNKy7d5arwjPvRELhEka3PsZ:fDLqGteSFLWFSnc5arKP0h3O
Score 10/10