General
-
Target
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
-
Size
4.8MB
-
Sample
240221-rw5fzshf65
-
MD5
545c8f70b824083c4493e8ea6f307680
-
SHA1
3ef6d2b6af0eaee669b2991c39398e2aba517adc
-
SHA256
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
-
SHA512
45ff4b72692e39b6259069388ebe7fb274481b3ffd479a74191ec37160e79ec7f9f350f391500e75125284ba8fc535e5d8ade6937c06fe96961a26368dfdde1c
-
SSDEEP
98304:kV7vjyI3n9wEgPq4YImHJ3p6RZv83fNUZlfHhyKkwGK2rs:kJ3nFgPq4YNHJ3YT2glfD7f2
Static task
static1
Behavioral task
behavioral1
Sample
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55.exe
Resource
win10v2004-20240220-en
Malware Config
Extracted
cobaltstrike
391144938
http://10.9.42.86:5555/mall_100_100.html
-
access_type
512
-
host
10.9.42.86,/mall_100_100.html
-
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAj0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABxVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxAAAACgAAABpSZWZlcmVyOiBodHRwczovLzEwMDg2LmNuLwAAAAcAAAAAAAAADQAAAAIAAAAFQU5JRD0AAAACAAAAGV9fU2VjdXJlLTNQQVBJU0lEPW5vc2tpbjsAAAABAAAAIztDT05TRU5UPVlFUytDTi56aC1DTisyMDIxMDkxNy0wOS0wAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAD5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD1VVEYtOAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAMFJlZmVyZXI6IGh0dHBzOi8vc2hvcC4xMDA4Ni5jbi9tYWxsXzEwMF8xMDAuaHRtbAAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFHNyY2hmcm9tPW5SS2p4elpSUnh4AAAACQAAABJmaWVsZG5hbWU9Q3pMdUV4S2wAAAAJAAAAFHNlYXJjaHNvcnRpZD1NYnpTRW5CAAAABwAAAAEAAAANAAAAAgAAACphaWRfPTUyMjAwNTcwNSZhY2N2ZXI9MSZzaG93dHlwZT1lbWJlZCZ1YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
30000
-
port_number
5555
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxjoU7rhDdH22NnxfFmS+4wJTPNlnoZhwvDQcVx3l+EVmYaQi7WoG2v4/Ciov0lm9n6Nn8pNNikam7Wo4rnGBtSFkT1pjZDth/1JI4VT1JCGPAceuhf2S5Q3K9f4MO3W23+m/OJ/8yCWihhxKgL/ivwpGKKngBeUBX0U3j5YFrowIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.03243264e+08
-
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ajax/recharge/recharge.json
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
-
watermark
391144938
Targets
-
-
Target
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
-
Size
4.8MB
-
MD5
545c8f70b824083c4493e8ea6f307680
-
SHA1
3ef6d2b6af0eaee669b2991c39398e2aba517adc
-
SHA256
bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
-
SHA512
45ff4b72692e39b6259069388ebe7fb274481b3ffd479a74191ec37160e79ec7f9f350f391500e75125284ba8fc535e5d8ade6937c06fe96961a26368dfdde1c
-
SSDEEP
98304:kV7vjyI3n9wEgPq4YImHJ3p6RZv83fNUZlfHhyKkwGK2rs:kJ3nFgPq4YNHJ3YT2glfD7f2
Score10/10 -