General
-
Target
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
-
Size
1.5MB
-
Sample
240222-jdd73seg32
-
MD5
e031cc975c57a61b74d8f08bb61a9c53
-
SHA1
2dfb1233292301ed5181e5242382f5ac98135c3b
-
SHA256
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
-
SHA512
e02237de35d52795acb3cad0685ba58aab157f68cf8d32115d1d5c1db9a5bd5373e841934233ceb4414c0e2d193f1d60dcad2581634dfd842b7012d566844354
-
SSDEEP
24576:TMyeCDG5zyeXom9Lmko8BB9CQExDbrWjoGPbGPka:4xAG5zy2oj99+joGPUk
Static task
static1
Behavioral task
behavioral1
Sample
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
cobaltstrike
100000
http://120.79.167.191:443/api/v1/server/user/info
-
access_type
512
-
beacon_type
2048
-
host
120.79.167.191,/api/v1/server/user/info
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCishNvc3gsVc6u/ZLU7CfOlhOG+8Kgqpj3/oi9BPSIn+AaLcu1RE9FE7Pi9pDP4hUAIfxHgKQvPysVhIRVGFQ62+6T80TAWqV9f3HJPmlqmANPKd8J7lKGgRKD2qSzceQgxDK6aVjV1ROQA3UWGYWJPZw5+s/Ci3809qif6ziUUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
8.44502272e+08
-
unknown2
AAAABAAAAAEAAAAlAAAAAgAAALUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/v1/server/log
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
-
watermark
100000
Targets
-
-
Target
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
-
Size
1.5MB
-
MD5
e031cc975c57a61b74d8f08bb61a9c53
-
SHA1
2dfb1233292301ed5181e5242382f5ac98135c3b
-
SHA256
ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
-
SHA512
e02237de35d52795acb3cad0685ba58aab157f68cf8d32115d1d5c1db9a5bd5373e841934233ceb4414c0e2d193f1d60dcad2581634dfd842b7012d566844354
-
SSDEEP
24576:TMyeCDG5zyeXom9Lmko8BB9CQExDbrWjoGPbGPka:4xAG5zy2oj99+joGPUk
Score
10/10
-