General
-
Target
9d929251de63279c6277862c63317ce8
-
Size
270KB
-
Sample
240118-g228psebcm
-
MD5
9d929251de63279c6277862c63317ce8
-
SHA1
2902f9deae6aecc5bd3e575bc4d702eaceba441b
-
SHA256
4c0ed4803eb4f0732c5adbebc42345d2d7f1438ca1f57d9ee56108e9130a1349
-
SHA512
1c58f0f0400dbd0dc4b301bb06c69af825d054cf18a69b65b3a4e14202f6c186e0b8503fe9226cfe5bd17dfac9d03d1eb6ea73ad45927404efb386b8336f6c55
-
SSDEEP
3072:+zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zJCGIkfhUYJF6vzH1:+zbUWootfDCvT4ZTXzCLDIk5UDRrKM
Behavioral task
behavioral1
Sample
9d929251de63279c6277862c63317ce8.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9d929251de63279c6277862c63317ce8.dll
Resource
win10v2004-20231222-en
Malware Config
Extracted
cobaltstrike
391144938
http://service-18c6z8nb-1303896379.sh.tencentapigw.cn:443/api/x
-
access_type
512
-
beacon_type
2048
-
host
service-18c6z8nb-1303896379.sh.tencentapigw.cn,/api/x
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc2heXUBrRHG7d32CNZ4unoIajbLUVu1bZqvywGWGDilmp7GWLaHToZCmP+DXpmEjdtXWjgvldKfqhp2CWBfHeQEqtpc/aMtPBTFWQVviD2W5Gv1s4UuXoTiaHrFG5zdt16LRLkHbANUznMedqelWO5BTxuUPCpokB7rX+tuRc8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/y
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
-
watermark
391144938
Targets
Target
9d929251de63279c6277862c63317ce8
-
Size
270KB
-
MD5
9d929251de63279c6277862c63317ce8
-
SHA1
2902f9deae6aecc5bd3e575bc4d702eaceba441b
-
SHA256
4c0ed4803eb4f0732c5adbebc42345d2d7f1438ca1f57d9ee56108e9130a1349
-
SHA512
1c58f0f0400dbd0dc4b301bb06c69af825d054cf18a69b65b3a4e14202f6c186e0b8503fe9226cfe5bd17dfac9d03d1eb6ea73ad45927404efb386b8336f6c55
-
SSDEEP
3072:+zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zJCGIkfhUYJF6vzH1:+zbUWootfDCvT4ZTXzCLDIk5UDRrKM
Score 10/10