General
-
Target
229e06ef92563d7aa266d72bc371be97.bin
-
Size
270KB
-
Sample
240303-bmyzvaah81
-
MD5
229e06ef92563d7aa266d72bc371be97
-
SHA1
ee7107c733d9b10eee8210b1039e38d41bafd7e5
-
SHA256
c822a2963e8489d56ab4ce64d31e00419a55e31d8d7dd4cc80f5852bf54191e2
-
SHA512
ce014ded61837bc8c1f11bffc5c2ead043708f6a9202267e412d58161ad665c17e8a17ede0fef7c60238cc5d92ca8858a4c42fed4936e805e9a8787a703cd32b
-
SSDEEP
3072:cGzbINhWl+CIbrqqEVxGsfDCJS4l9JTFyG+JteEzCnL7zSrTGIkfhUYJF6vzEErv:cGzbUNsfDCvT4ZTXzCLTIk5UnrKM
Behavioral task
behavioral1
Sample
229e06ef92563d7aa266d72bc371be97.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
229e06ef92563d7aa266d72bc371be97.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
674054486
http://aspnetcenter.com:80/da.html
-
access_type
512
-
host
aspnetcenter.com,/da.html
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
61087
-
port_number
80
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaOo5rF6Su5XwDYKaa12zhYBHbNfY0tiYLq5ie1hnYJXdJdX2YuRSZweHXUPVDRZwvMUrqwkU7gtWHicG4INfV98YVyMrLdhmHZUBi/YOdcZWHZtHLvFD/NW9lLjMwM01/EKLSqFT1/E5dI9JtxxJQfr6PCkxheOSphMCxmlr4xQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.44480256e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mobile-ipad-home
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
674054486
Targets
-
-
Target
229e06ef92563d7aa266d72bc371be97.bin
-
Size
270KB
-
MD5
229e06ef92563d7aa266d72bc371be97
-
SHA1
ee7107c733d9b10eee8210b1039e38d41bafd7e5
-
SHA256
c822a2963e8489d56ab4ce64d31e00419a55e31d8d7dd4cc80f5852bf54191e2
-
SHA512
ce014ded61837bc8c1f11bffc5c2ead043708f6a9202267e412d58161ad665c17e8a17ede0fef7c60238cc5d92ca8858a4c42fed4936e805e9a8787a703cd32b
-
SSDEEP
3072:cGzbINhWl+CIbrqqEVxGsfDCJS4l9JTFyG+JteEzCnL7zSrTGIkfhUYJF6vzEErv:cGzbUNsfDCvT4ZTXzCLTIk5UnrKM
Score 1/10