General
-
Target
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22
-
Size
2.4MB
-
Sample
240221-mlgvqaee96
-
MD5
2035b304659f9b37cdcf2b9eaf98dcbc
-
SHA1
1f951c72bb1674b1b43c5dd6ddb5ad6581bdc870
-
SHA256
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22
-
SHA512
5f5790167172bfa5c493902e42bfa83eb381bd4e37f5af0a43e26ce0e4714baa841569293aceab193b8e1666418436e98669f22a9638b7dc0073e4c8194545ea
-
SSDEEP
49152:FzbXtuaxtPvMVAjCcmYgvFisOD1k5NWU20CNzh6/JJJaX:/hvs5NW//h6h
Static task
static1
Behavioral task
behavioral1
Sample
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
http://149.28.158.45:443/hvGKu8TxLwq9mIhp.js
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)
Extracted
cobaltstrike
520
http://149.28.158.45:443/ca
-
access_type
512
-
host
149.28.158.45,/ca
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzvdDSaMJyWexl6CTIDqcmw7KpStPxRwqKojoi8gjY5gcl2nd/sFlb5DeZXsJdbzpAzayYYqbVjUX6gguE3J8k6bYWm8vqwkQpfIPHJ/gB+5qa6EOf5xj6SrrLvLy2tt8Q4CgxlYWCc2RRuYutVL/7pb5ECwwGoKEDVtOGEc9AWwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)
-
watermark
520
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22
-
Size
2.4MB
-
MD5
2035b304659f9b37cdcf2b9eaf98dcbc
-
SHA1
1f951c72bb1674b1b43c5dd6ddb5ad6581bdc870
-
SHA256
d89465601305d0c85336d35655161c596472b45ade707f9a481e3e0d36813a22
-
SHA512
5f5790167172bfa5c493902e42bfa83eb381bd4e37f5af0a43e26ce0e4714baa841569293aceab193b8e1666418436e98669f22a9638b7dc0073e4c8194545ea
-
SSDEEP
49152:FzbXtuaxtPvMVAjCcmYgvFisOD1k5NWU20CNzh6/JJJaX:/hvs5NW//h6h
Score 10/10