General
-
Target
file.0xc887193cf0d0.0xc88717e59010.ImageSectionObject.cs.exe.img
-
Size
292KB
-
Sample
240212-1cyc1ace7v
-
MD5
6811bbfcb04c5815631f75ffde16893e
-
SHA1
dbb826266d35c858772d2d3d4c29a6be4d1f3906
-
SHA256
3515458ab170d51e47c5f9303923fbf578d764884333287701084a7bb19e2bb7
-
SHA512
345d90e5465c9a581f6ae2c160980daaf6a29025ba13b01d6a5aa9bb77f02d41632209efe5dfbc1b400974d5b9f26fd0a26dba6bd7efae29c7cee722ba18a3a1
-
SSDEEP
6144:+5m4SMVk8n/gbwEJKzyd4w8Z2F6Vx7PXLcQG9:+cTMVkC/2U1U6fLdG9
Static task
static1
Behavioral task
behavioral1
Sample
file.0xc887193cf0d0.0xc88717e59010.ImageSectionObject.cs.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
391144938
http://198.51.100.33:80/push
-
access_type
512
-
host
198.51.100.33,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWRNcpRO6NrvOJdZtMYjq77lk0AsCyBsQumR5cFxXjbF7y92EsLp/y8OPJ4yl+dXHAHIjCFoejlq+oG3F4Ll8tazzX49hnk3kYuBkhgHhR4jPnqrCwJy6Senxua/HbT6R9mHJzU1DqFVVEuNsEtqD+2NSslngU+Hdw99MmrvOINwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
-
watermark
391144938
Targets
-
-
Target
file.0xc887193cf0d0.0xc88717e59010.ImageSectionObject.cs.exe.img
-
Size
292KB
-
MD5
6811bbfcb04c5815631f75ffde16893e
-
SHA1
dbb826266d35c858772d2d3d4c29a6be4d1f3906
-
SHA256
3515458ab170d51e47c5f9303923fbf578d764884333287701084a7bb19e2bb7
-
SHA512
345d90e5465c9a581f6ae2c160980daaf6a29025ba13b01d6a5aa9bb77f02d41632209efe5dfbc1b400974d5b9f26fd0a26dba6bd7efae29c7cee722ba18a3a1
-
SSDEEP
6144:+5m4SMVk8n/gbwEJKzyd4w8Z2F6Vx7PXLcQG9:+cTMVkC/2U1U6fLdG9
Score10/10 -