General
-
Target
a3e50d5b3cc5e74e83b2191ecb494837
-
Size
281KB
-
Sample
240225-qm6r1sce44
-
MD5
a3e50d5b3cc5e74e83b2191ecb494837
-
SHA1
3446305c2b43e52f530b9d57d6b4d69b22cf5d3c
-
SHA256
bef88c89a30c33158276e730d59a769c6ec9ad45986787e09ca1529ef9971b31
-
SHA512
ee914a5b45d70c9c76a30bb55439f50cbd61424f13222ac228b108d47137b51e00e471b470597a4cac9c2545c6b6d1fd6a025f88e8a62bb2a44bfeee2d9b82be
-
SSDEEP
6144:GCxy5gFbvnLZXzKDLIQH3SYjILUGeQ/6n:aupLZXmnFH3ZjBGep
Static task
static1
Behavioral task
behavioral1
Sample
a3e50d5b3cc5e74e83b2191ecb494837.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a3e50d5b3cc5e74e83b2191ecb494837.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
cobaltstrike
1847300910
http://auth.tech2wired.com:443/t/assets/refresh.png (scheme is printed as http, but the port is 443 and the beacon_type below is consistent with HTTPS — pivot on the domain and port rather than the literal scheme)
-
access_type
512 (0x0200; this 16-bit field appears byte-swapped in the dump — read as 0x0002, which is most likely the Cobalt Strike proxy access_type "use IE settings")
-
beacon_type
2048 (0x0800; reads as 0x0008 if the 16-bit field is byte-swapped, which is the Cobalt Strike HTTPS beacon type and matches port_number 443)
-
host
auth.tech2wired.com,/t/assets/refresh.png (C2 host plus the GET path used with http_method1)
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
12800 (0x3200; Cobalt Strike jitter is a 0–99 percentage, so this is almost certainly the byte-swapped value 0x0032 = 50% jitter)
-
polling_time
5000 (milliseconds — a 5 s base sleep between check-ins, varied by the jitter value)
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe (spawn-to process for 32-bit post-exploitation jobs; gpupdate.exe started by an unexpected parent with no arguments is a useful detection pivot)
-
sc_process64
%windir%\sysnative\gpupdate.exe (spawn-to process for 64-bit post-exploitation jobs; sysnative resolves to the native System32 when the beacon runs as a 32-bit process)
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ4gyp3hx42GpS9MOp2aCfuKLMwKMrUe5io3QmC35zP7+t8Q43RDbFHddzSqnQenJWaGsKfthuHc6PJT0Q1zGx8wz1Qmf2ZmUsdynFivvgOT7NdNSl+EIjIQNekYegeiIJ/0aFvjXZxqyzzj/0E9MwuFGK+2U9XKeTDHrzULKVSQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== (the label is the parser's; the MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ prefix is a base64 DER SubjectPublicKeyInfo for a 1024-bit RSA key, zero-padded to the fixed field size — i.e. the beacon's RSA public key, which is a stable value for correlating samples from the same team server)
-
unknown1
1.476399104e+09 (an integer rendered as a float: 1476399104 = 0x58001000; meaning of this field is not documented on this page)
-
unknown2
AAAABAAAAAEAAAAoAAAAAgAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/v3/categories/update (most likely the POST path used with http_method2; the GET path is given in the host field)
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 (hard-coded in the profile; a fixed, dated Chrome 70 UA combined with the fixed GET/POST paths above makes a usable network signature)
-
watermark
1847300910
Targets
-
-
Target
a3e50d5b3cc5e74e83b2191ecb494837
-
Size
281KB
-
MD5
a3e50d5b3cc5e74e83b2191ecb494837
-
SHA1
3446305c2b43e52f530b9d57d6b4d69b22cf5d3c
-
SHA256
bef88c89a30c33158276e730d59a769c6ec9ad45986787e09ca1529ef9971b31
-
SHA512
ee914a5b45d70c9c76a30bb55439f50cbd61424f13222ac228b108d47137b51e00e471b470597a4cac9c2545c6b6d1fd6a025f88e8a62bb2a44bfeee2d9b82be
-
SSDEEP
6144:GCxy5gFbvnLZXzKDLIQH3SYjILUGeQ/6n:aupLZXmnFH3ZjBGep
Score 10/10 -