General
-
Target
TS-240220-UF7.exe
-
Size
204KB
-
Sample
240220-tzytqabd31
-
MD5
180706b330b507e9f5dbf30fb47c1871
-
SHA1
b00fcfcd58522c435a891c14afd2e6df1718693f
-
SHA256
2d17d857305ffb2df0ec48cd461a038b0b3e719c1e4d76902dfc038ec196cbd5
-
SHA512
2e1b77b31edf5c21eb2752f3ecd6a48a5e31588af5562d228e3171e85b8464cf3d793705fd32be90e25423ce01a102a656f1c03eb4220d042f8631a456f8b71a
-
SSDEEP
3072:shKoz8KKJ39Mr54g1Eqv+H48cOShMQLYAwdxAKRarTtb0Gl:mIKKV29bGjYXOfqYAwRapYGl
Behavioral task
behavioral1
Sample
TS-240220-UF7.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
TS-240220-UF7.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
305419896
http://68.183.111.170:443/en_US/all.js
-
access_type
512
-
beacon_type
2048
-
host
68.183.111.170,/en_US/all.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCChJ5VRRRERu5aWno+2Ui43z91EoUsP5ibovQzajEId2E00xb9XOCB7aum038Z0gPz5hhl1jwWLyEK8Mj5fdCBd0mkkZqlYGjAcQiQ5AMJEt4+Cl/UFgQOxITj23qRlUGzqW78hJ6SeMcGG06RpxtAUqXIQGv1oBqbUf4kjJcEnwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
-
watermark
305419896
Targets
-
-
Target
TS-240220-UF7.exe
-
Size
204KB
-
MD5
180706b330b507e9f5dbf30fb47c1871
-
SHA1
b00fcfcd58522c435a891c14afd2e6df1718693f
-
SHA256
2d17d857305ffb2df0ec48cd461a038b0b3e719c1e4d76902dfc038ec196cbd5
-
SHA512
2e1b77b31edf5c21eb2752f3ecd6a48a5e31588af5562d228e3171e85b8464cf3d793705fd32be90e25423ce01a102a656f1c03eb4220d042f8631a456f8b71a
-
SSDEEP
3072:shKoz8KKJ39Mr54g1Eqv+H48cOShMQLYAwdxAKRarTtb0Gl:mIKKV29bGjYXOfqYAwRapYGl
Score 1/10