Overview

overview

3

Static

static

3

GOTOBED (6...rp.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

GOTOBED (6...le.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    27/02/2024, 20:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GOTOBED (64bit)/Go To Bed_Data/Managed/UnityEngine.AnimationModule.dll

  • Size

    160KB

  • MD5

    854acbfd42be69309050fd2c89153f41

  • SHA1

    87bcafce0073897d429a38e14e437970dd04f36a

  • SHA256

    7f39baec88003dbb990412394c9801c92a724114635952eb9d13b402be0360f9

  • SHA512

    8e2d9621bc7e95613361f0fd3497ee2c82b9e5928d5b55544c1c697a7f22858857a06a906337af2ce7b956c19c7da9455c2edb9c40d0807d66d317650c2456a2

  • SSDEEP

    3072:b5a6AwpFcgOBSGbYTjWDm2nL432S9pEModsiSznHTfx:HrpC3BhICK2nL432S9pEcn

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GOTOBED (64bit)\Go To Bed_Data\Managed\UnityEngine.AnimationModule.dll",#1
    1⤵
      PID:4708

    Network

    • flag-us
      DNS
      178.223.142.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.223.142.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      68.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      31.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.179.17.96.in-addr.arpa
      IN PTR
      Response
      31.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-31deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0394A26CD31A68430868B65ED2A16904; domain=.bing.com; expires=Sun, 23-Mar-2025 20:50:07 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 15FC26C39CDF4D6EB160B58BA974C1EF Ref B: LON04EDGE0908 Ref C: 2024-02-27T20:50:07Z
      date: Tue, 27 Feb 2024 20:50:06 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0394A26CD31A68430868B65ED2A16904
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=Z8NbPAfe3tY9w3AecOZScFujP5HNiMve-bqrktxe3j8; domain=.bing.com; expires=Sun, 23-Mar-2025 20:50:07 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B6B3665707CD4D06901CB7108C63E5D8 Ref B: LON04EDGE0908 Ref C: 2024-02-27T20:50:07Z
      date: Tue, 27 Feb 2024 20:50:06 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0394A26CD31A68430868B65ED2A16904; MSPTC=Z8NbPAfe3tY9w3AecOZScFujP5HNiMve-bqrktxe3j8
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CDE9803A30AF4E5C902F5545F397E6A7 Ref B: LON04EDGE0908 Ref C: 2024-02-27T20:50:07Z
      date: Tue, 27 Feb 2024 20:50:06 GMT
    • flag-us
      DNS
      11.2.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.2.37.23.in-addr.arpa
      IN PTR
      Response
      11.2.37.23.in-addr.arpa
      IN PTR
      a23-37-2-11deploystaticakamaitechnologiescom
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.71.91.104.in-addr.arpa
      IN PTR
      Response
      134.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-134deploystaticakamaitechnologiescom
    • flag-us
      DNS
      31.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      29.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.179.17.96.in-addr.arpa
      IN PTR
      Response
      29.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-29deploystaticakamaitechnologiescom
    • flag-us
      DNS
      91.16.208.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.16.208.104.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=
      tls, http2
      2.0kB
       9.2kB
       21
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14b6afb074e54874bda2ec8492a0625f&localId=w:3145D295-4B7E-91F5-7BDA-FD520C561674&deviceId=6825825924697211&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      178.223.142.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      178.223.142.52.in-addr.arpa

    • 8.8.8.8:53
      68.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      68.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      31.179.17.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      31.179.17.96.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      133.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      133.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      11.2.37.23.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      11.2.37.23.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      134.71.91.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      134.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      31.243.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      31.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      29.179.17.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      29.179.17.96.in-addr.arpa

    • 8.8.8.8:53
      91.16.208.104.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      91.16.208.104.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.