General
-
Target
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8
-
Size
259KB
-
Sample
240221-jf5g2sda3y
-
MD5
5f6ef1de8f5e502ea6bf1bd701fbae64
-
SHA1
a018dc39308c6055543a3f9ebc8fefbda2ea871f
-
SHA256
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8
-
SHA512
ccf610cd587b56512b550e37288b2f0a75ba63bcbc5185c59ead3bed610ece5fe81d480b540c7ce10dc7d8631217aa482ade6cac6faaf20a0600fdd3392fb262
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90acBXDxH/:u3d6tevoxMBXD9
Behavioral task
behavioral1
Sample
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8.dll
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
100000
http://124.221.101.123:8080/cx
-
access_type
512
-
host
124.221.101.123,/cx
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDNXFfUSnRiMrus01oooCz6LOvdmjEE+7t+6lWJPjRacCsjD36xkeHkaQzYHqBIcp+IjzNOQWAkZeqSKWsWAdUzYDFb4JxRk+REfYtFkqJdO6vJYr9HeSBbcvIVifI4mnpePP5LjtfV9x8AHu1EGqJVJ6LIkucf4QWdZlyxuV5pQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
-
watermark
100000
Targets
-
-
Target
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8
-
Size
259KB
-
MD5
5f6ef1de8f5e502ea6bf1bd701fbae64
-
SHA1
a018dc39308c6055543a3f9ebc8fefbda2ea871f
-
SHA256
1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8
-
SHA512
ccf610cd587b56512b550e37288b2f0a75ba63bcbc5185c59ead3bed610ece5fe81d480b540c7ce10dc7d8631217aa482ade6cac6faaf20a0600fdd3392fb262
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90acBXDxH/:u3d6tevoxMBXD9
Score1/10 -