General
-
Target
1972-55-0x0000000002C30000-0x0000000003C31000-memory.dmp
-
Size
16.0MB
-
Sample
240303-ztndpagd4x
-
MD5
61de995c28d2acea51248af5df37d175
-
SHA1
da28d02a85e7e927e9126531b3038cdcb5b074cf
-
SHA256
3d92974c5302225327065e11f7678b3d2f96f64e66a1ea2bf6e0fe9b65f9a69c
-
SHA512
b774e28a172a3a468abbbfeaead45ffed5b6a7350a4385680851c492059a6112f2eb6645cef1deecdc4b20f4644c622577ad7402fdfe64cd188f97fb7f004ec0
-
SSDEEP
6144:yJqVG5d1IpMyibgkTZI6jHID90alKBXfH/:y3d6tevoxUBXn
Malware Config
Extracted
cobaltstrike (Cobalt Strike Beacon configuration; the 100000 below is the build watermark, also reported in the watermark field at the end)
100000
http://120.78.228.153:443/center/update_
http://120.78.170.89:443/center/update_
http://60.205.203.120:443/center/update_
http://101.200.58.59:443/center/update_
http://47.96.152.43:443/center/update_
http://47.96.184.209:443/center/update_
-
access_type
512
-
beacon_type (reported as 2048 = 0x0800; together with access_type 512 and jitter 2560 this looks like byte-swapped 16-bit fields, i.e. 8 = HTTPS and 10% jitter, which agrees with port_number 443 — confirm with a second parser before trusting the http:// scheme shown in the URLs above)
2048
-
host
120.78.228.153,/center/update_,120.78.170.89,/center/update_,60.205.203.120,/center/update_,101.200.58.59,/center/update_,47.96.152.43,/center/update_,47.96.184.209,/center/update_
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
2000
-
port_number
443
-
sc_process32 (spawnto target for post-exploitation jobs; hunt for dllhost.exe started without its usual COM parent or holding executable private memory)
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine (field name aside, the value decodes to a DER SubjectPublicKeyInfo RSA-1024 public key — the standard MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ prefix — followed by zero padding; this is the team-server public key Beacon encrypts its session key to, and it is a useful pivot for clustering samples from the same team server)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC00x/YenIm1WvU3f0GohhnnLcHou4dJiz3wNHILmAlAbMYzVUbXJanIwLYvbtLi+UQoZjc5aRwS6qgdE7YOfz9oSs4r9EGsYgtRh4MedK697imUg2eNGhU62Vao9Uv0HSxIDl6GQ7Aw9CHSXuV39gdp+eVFr3PA978yTahEpr3KQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.767183616e+09
-
unknown2
AAAABAAAAAEAAAAIAAAAAgAAAAkAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/center/upload_
-
user_agent (spoofs the Windows Update client; pair this exact string with the /center/update_ and /center/upload_ URIs for proxy/IDS detection rather than matching on the User-Agent alone)
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
-
watermark
100000