General
-
Target
b.exe
-
Size
278KB
-
Sample
240122-px92ragah9
-
MD5
3286e54a6bbd7f4acec0fcb9eabb5ee2
-
SHA1
917ba8acfbc274b6ce6d84496529e26db4cec773
-
SHA256
3f9ea0dd34757f1a6e0a83df86f840fb416122a528d2f3a8903259385f28ecfe
-
SHA512
e72a25b758ab878d66dee5793614bf76f13b70fb312549cfcf0a3f92a56257327b763c189c3d2214aa2430592c6d1a833bd392b201b35d931a551689011ceb76
-
SSDEEP
3072:aRlvyCmwFlfu5uknHDAEjlaZWrAGmcHo5Q73ak170MAHnrLA9k6TDKT:aRRyCJm5uUcsAvcHo5Q7Kkh0rXak6S
Static task
static1
Behavioral task
behavioral1
Sample
b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
cobaltstrike
1359593325
http://60.204.135.117:80/pixel
-
access_type
512
-
host
60.204.135.117,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT9913U+wf/Yp5rh1h6x1hYmstztmZn8cW05I9D7C7dkkAceRZHdJCSl93fe6IG7SxN3uzjAmGdRjbcvdyHkQg3D33z9KZwjA2cWuNdCYt8yiPoxXHw0NqIlw+AadwwKYa+3ezHbimQkp0P64lYGGzIVxBNRj3sWMLxNyZaS3HvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
-
watermark
1359593325
Targets
-
-
Target
b.exe
-
Size
278KB
-
MD5
3286e54a6bbd7f4acec0fcb9eabb5ee2
-
SHA1
917ba8acfbc274b6ce6d84496529e26db4cec773
-
SHA256
3f9ea0dd34757f1a6e0a83df86f840fb416122a528d2f3a8903259385f28ecfe
-
SHA512
e72a25b758ab878d66dee5793614bf76f13b70fb312549cfcf0a3f92a56257327b763c189c3d2214aa2430592c6d1a833bd392b201b35d931a551689011ceb76
-
SSDEEP
3072:aRlvyCmwFlfu5uknHDAEjlaZWrAGmcHo5Q73ak170MAHnrLA9k6TDKT:aRRyCJm5uUcsAvcHo5Q7Kkh0rXak6S
Score10/10 -