General
-
Target
742e952df1b270e90c30173b82a1079d
-
Size
2.7MB
-
Sample
240125-j5ja4scdcj
-
MD5
742e952df1b270e90c30173b82a1079d
-
SHA1
eabd33c6803b66b8dc1352c31122a5556122f766
-
SHA256
9c56508772580d824093de42fec9cc5d871136d8440025d31d7010517111c256
-
SHA512
b63dbf4196edf03c3521794e68f5fb4c5a19e16bbaf52fe00525bf16e6a7779bd587fc21bdddd3682b9faa36c1e2b180497d0f496932db1a6296ed8adcc33370
-
SSDEEP
49152:y3AAcEg53n4HYs/VFqAd1+adZx+Wypu/q4G:O323nkVFrZIW+Cq
Static task
static1
Behavioral task
behavioral1
Sample
742e952df1b270e90c30173b82a1079d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
742e952df1b270e90c30173b82a1079d.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
426352781
http://www.cluodfeare.com:443/__utm.gif
-
access_type
512
-
beacon_type
2048
-
host
www.cluodfeare.com,/__utm.gif
-
http_header1
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
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAAAgAAAAZVQS0yMjAAAAABAAAAAi0yAAAABQAAAAV1dG1hYwAAAAkAAAAHdXRtY249MQAAAAkAAAAQdXRtY3M9SVNPLTg4NTktMQAAAAkAAAAPdXRtc3I9MTI4MHgxMDI0AAAACQAAAAx1dG1zYz0zMi1iaXQAAAAJAAAAC3V0bXVsPWVuLVVTAAAAEAAAABhIb3N0OiB3d3cuY2x1b2RmZWFyZS5jb20AAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
3000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BeqpBdWG1BjuqP2DwffMM1pe5Da6t7IgfHFb9eqiVzvq0xgxQTGNFyYXsMnKImS//2emLsHoCH4997j0CzJbiRqzT1UlrkDcph/kgPdqcCxl+0TkUlresAHjJAWpCj1e7Y6mdb2DWuvK6v1XdaOvqBnq0lstUGeoW4a5NRJcQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.71092736e+08
-
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/___utm.gif
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)
-
watermark
426352781
Targets
-
-
Target
742e952df1b270e90c30173b82a1079d
-
Size
2.7MB
-
MD5
742e952df1b270e90c30173b82a1079d
-
SHA1
eabd33c6803b66b8dc1352c31122a5556122f766
-
SHA256
9c56508772580d824093de42fec9cc5d871136d8440025d31d7010517111c256
-
SHA512
b63dbf4196edf03c3521794e68f5fb4c5a19e16bbaf52fe00525bf16e6a7779bd587fc21bdddd3682b9faa36c1e2b180497d0f496932db1a6296ed8adcc33370
-
SSDEEP
49152:y3AAcEg53n4HYs/VFqAd1+adZx+Wypu/q4G:O323nkVFrZIW+Cq
Score 10/10