General
-
Target
oui.txt
-
Size
657KB
-
Sample
240219-km8nqabg52
-
MD5
7a0345455b6b7d876439cd96ecb5cb42
-
SHA1
ccf96db006b085ee58f8f25ad777a25e2b21a201
-
SHA256
bb263c08867fbef300d995919374c18e6834994846779f6c564c204c8cec7fcc
-
SHA512
9ba8105c7eab7bc4ca7e6a3f9ee18b2eede632afc220ea1069f580a00a536b73654311e782401092fa4f2b3e9176ae52f2da826b2f426028a43a5c686f3ab35c
-
SSDEEP
12288:0kuO+kSDwueHMVjx8rFxTvDpeMRYGaLsqIv5S:upk0eauTrc2lX4
Static task
static1
Behavioral task
behavioral1
Sample
oui.ps1
Resource
win11-20240214-en
Malware Config
Extracted
cobaltstrike
12345
http://gabecreatenew.com:443/professional.js
-
access_type
512
-
beacon_type
2048
-
host
gabecreatenew.com,/professional.js
-
http_header1
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAA0AAAADAAAAAgAAAAZfdXRtYT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADQAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
20224
-
polling_time
63
-
port_number
443
-
sc_process32
%windir%\syswow64\mstsc.exe
-
sc_process64
%windir%\sysnative\mstsc.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJcGrzJo1VQ2KXXyMfdOtKz4YtWRgIAF8cYYcrE88ucq8ZV4AeE8dyDFekma+XMJDZ2MjIz5UiMlII5k3Q4UTy1YQpgebmFfnKxi7iSv7NTYt8Fmihw/5On7yAgalsgrZJYDB+frCY5Um8zPjqvRZpU3nuKGZYQSZ0y88E+AeR4QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.44480256e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/standardized
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 GROW-2135 Safari/537.36 OPR/76.0.4017.222
-
watermark
12345
Targets
-
-
Target
oui.txt
-
Size
657KB
-
MD5
7a0345455b6b7d876439cd96ecb5cb42
-
SHA1
ccf96db006b085ee58f8f25ad777a25e2b21a201
-
SHA256
bb263c08867fbef300d995919374c18e6834994846779f6c564c204c8cec7fcc
-
SHA512
9ba8105c7eab7bc4ca7e6a3f9ee18b2eede632afc220ea1069f580a00a536b73654311e782401092fa4f2b3e9176ae52f2da826b2f426028a43a5c686f3ab35c
-
SSDEEP
12288:0kuO+kSDwueHMVjx8rFxTvDpeMRYGaLsqIv5S:upk0eauTrc2lX4
Score10/10 -