General
-
Target
CF.exe
-
Size
1.1MB
-
Sample
240103-fbs2nsega6
-
MD5
03c815469b5dabdd81b41c903ee4991f
-
SHA1
f1bcae1d72d85cb40e4a0d2196a41535bb6d8faa
-
SHA256
556f694bdaff6adf435f8f9b029d4510b886297f0d6ab30a6f2908668bda61aa
-
SHA512
00eaaace99f349b2f491c35694941eed55a1fee6af55569c7173eb7f789f76c2d0b6f4bdafea1d6c4964db384973ca38c0084a64d8130a56f9c4f2198eb51938
-
SSDEEP
24576:VbToFmw7U3/u1PrxduqHi//Ng3Ai1EfkcMSgiZ:1TIm5u1Prymitg3AiefkcbtZ
Static task
static1
Behavioral task
behavioral1
Sample
CF.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
CF.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
1359593325
http://a0.awsstatic.com:80/
-
access_type
512
-
host
a0.awsstatic.com,/
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMWVoNmZrZXdsYXhzNC5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTUwOTc4ODY2Ny4wNDgyODI4ODA3LjU5NTkzMzc1MDAuNzY3MzgxNjc2NS42NTY2Mjk2NzE2LjU7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD05NjIyNDY4NjQ3AAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQxZWg2Zmtld2xheHM0LmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTQ1Nzk0NjMxMDAAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
970
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCU4Ej/+fRXXgiM8iqMXk/7EEinbIwxij/jzyInJQ4haz7k4G41C1+BI2TpaZASSkYRM9iPBzE6Estft99g/Vy/PTlz3hOW1CdtyMWzZB5Jnni46nhc95YDqTzsbnaoNCIjLbl1sQFr7fCmfKZ8deqUpeVhLpK5//ytPWxsGYp6hwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.382016e+08
-
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/radio/xmlrpc/v35
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64)
-
watermark
1359593325
Targets
-
-
Target
CF.exe
-
Size
1.1MB
-
MD5
03c815469b5dabdd81b41c903ee4991f
-
SHA1
f1bcae1d72d85cb40e4a0d2196a41535bb6d8faa
-
SHA256
556f694bdaff6adf435f8f9b029d4510b886297f0d6ab30a6f2908668bda61aa
-
SHA512
00eaaace99f349b2f491c35694941eed55a1fee6af55569c7173eb7f789f76c2d0b6f4bdafea1d6c4964db384973ca38c0084a64d8130a56f9c4f2198eb51938
-
SSDEEP
24576:VbToFmw7U3/u1PrxduqHi//Ng3Ai1EfkcMSgiZ:1TIm5u1Prymitg3AiefkcbtZ
Score10/10 -