General
-
Target
work.zip
-
Size
146KB
-
Sample
240130-mtjdhsffdl
-
MD5
8194ec2669a12a783fa46176b7225939
-
SHA1
5da93eeab9e1ee54b5abef9de07c41015c7f0495
-
SHA256
9daa8dff9b308513660f01f3dbec5cd1ba3cc6745f26fac102bb3531ca6fb587
-
SHA512
30dc5aa95c2c0936979d4c79071138a7f349febf8dd35e7dadce2baa71d2eb3fa9dc2e9fc7c6c3a211f83d805bdb31b2be4460352c31db86eb213fb297568991
-
SSDEEP
3072:67HATNffbQZ4CHhqYKLRhSo4/uuhrqAPyqtZJ3sAJt1o1RavC5G:67gZffq+YMy71TPyqtP3sAbiRavC5G
Static task
static1
Behavioral task
behavioral1
Sample
Arsc.exe
Resource
win7-20231129-en
Malware Config
Extracted
cobaltstrike
426352781
http://178.128.81.147:3939/updates
-
access_type
512
-
host
178.128.81.147,/updates
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAClBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5000
-
port_number
3939
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYculBeZmrbMS1tUHgTa52vQn/jGzbJuxK3983bRJiS0d0xvEEpjfJ2NEtptZBL9yhhf8IIwbMBDqJj4fuVvUsHrQ26Zkxv0KrEuuIo60BUZ43Fcvi1VF555t4NL1wMOMPoz9NcxpSJ1Z+Am4vlaGTSg/Fxx6/0/Mh+UQMcZYvOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/aircanada/dark.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
426352781
Targets
-
-
Target
Arsc.exe
-
Size
278KB
-
MD5
6a4ed3098dbb71755fa1e160a6aa461a
-
SHA1
2ed9754964ffc5a1e555a3796cf0f22be4cd4fbf
-
SHA256
a71bb14f6ce7b1c6b021303cb76d01ab415c5a9ef18f853ac21c554cfa0b3672
-
SHA512
fff3ece980dbb3c589d88fdc3d5ebe2b82fb895c9fc7e92b91b09bba3c9bbdb5798a1819a1c59e514c99d74ccbbba6da0efc930b4ec82ae04d4c0d7dc2906b0d
-
SSDEEP
3072:7RQpBhyKgvqE9QvNgoLDPtHmSZQrDERejlDaw28oAejuZYBOhzhWUj6n:7R6h5gvqdlgWhmSZQftawx0Jmz/+n
Score10/10 -