General
-
Target
14554646166.zip
-
Size
597KB
-
Sample
240125-3g4rpaaehm
-
MD5
f3ffbe22e915baa5685bdaffbf352148
-
SHA1
8f38eb79b855b72f4403d46d483f69135ee9811f
-
SHA256
55148714c8eb7e28f159d3d75b7b70954002058ad586ccf3dac091667c0d3a66
-
SHA512
b8475454072cab32a0c1cfb8cc7a83faace7e31ce546385ff7d4f98aa15ed3962a5dca37ac64203e672fb1b6e9287cdc4538682d839d301e0912ee6c3fe8d39c
-
SSDEEP
12288:TVfY1NHk33xGZiQKx5qv6Yz83JAwZKQsHpDd6wDrIjD:TVfY1O3UKx5qaZ99sHp55O
Static task
static1
Behavioral task
behavioral1
Sample
3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
12345
http://homegroupstack.com:443/nod
-
access_type
512
-
beacon_type
2048
-
host
homegroupstack.com,/nod
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
6400
-
polling_time
48
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYLh2G739mZQaynQyHXOTt0qJ/mXHDV4M3AII3C5+/xQEMBZSOqeRpAy+Xw0CP4n6mIQmbhgFXolA1VZ3Y5Mxk+1vQQlc1rxE0+gCIBOb+skRYoP7a6p5QF0zPCTRklA0A35sp3D85TrrltViKQfOYB+0u38obSqu9GVyGRpWxywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.941654272e+09
-
unknown2
AAAABAAAAAIAAAFTAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/bore
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
-
watermark
12345
Targets
-
-
Target
3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a
-
Size
953KB
-
MD5
01b81300fb48995f22c65560ed0cfd05
-
SHA1
0f8e6ce7f89b3557c6cc42defa322a3f225fb5fe
-
SHA256
3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a
-
SHA512
e1250645732c015ed7a73cc36e208155a6069e255add973546b84234196a1d4257ba91bc0ebb7df817304cab15cf4c5ab33479bcb9967079e3d669901b3a3d07
-
SSDEEP
12288:PWw5VIzYZYsnJkfrBtyvILchTxo58WIuj/J6XNi/VqXjD3WDyPSHuec2yie1ESye:Pr5xbS5c2yie1ESytvDMNDKahlnUb
Score 10/10