General
-
Target
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d
-
Size
3.1MB
-
Sample
240304-ljjqvsga89
-
MD5
2b83f951a1ebe22e2edb237603394c38
-
SHA1
78433d56251217d974610904ddcb63dc2f061908
-
SHA256
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d
-
SHA512
1776f65076323aeb3edd342a2d254a7f41306e1a81ba9c872fa119114db556dc40f0e6b6c8ff8745f8aa479cd33f4110022039f82da535371d0273f31ae7ad24
-
SSDEEP
49152:m0ZEgYcimGzYONSCSrc0RU/PmGOpXrbaKyyND5Ako46sm4g1:7mgYcz4YCSii9b9yGDBcs
Static task
static1
Behavioral task
behavioral1
Sample
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1234567890
http://pexpay71.icu:8880/api/3
-
access_type
512
-
host
pexpay71.icu,/api/3
-
http_header1
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
-
http_header2
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
-
http_method1
POST
-
http_method2
POST
-
jitter
12800
-
polling_time
30000
-
port_number
8880
-
sc_process32
%windir%\syswow64\mfpmp.exe
-
sc_process64
%windir%\sysnative\mfpmp.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCF2lLi44P3JuT7F4OYj0yGtWZc6oow8Y0FzVw3aZqWgOEDYsKd5rtr/82m15hv7yOa0qFkatvKBBttOvZVB4thkaQxllPEE8wJTyYb0lGHD9M6zghuFONzCwP5ofs2kk2HpgMjgrq0IwCyTA5URpC8kHGsFqAUo6rv06ID7FFyDwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.580959744e+09
-
unknown2
AAAABAAAAAEAAAAFAAAAAgAAAAUAAAANAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/api/4
-
user_agent
<Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.177>
-
watermark
1234567890
Targets
Target
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d
-
Size
3.1MB
-
MD5
2b83f951a1ebe22e2edb237603394c38
-
SHA1
78433d56251217d974610904ddcb63dc2f061908
-
SHA256
6d556d01ca3f4ff5a45f965f713df290f4131b60cf0224d959a9f29a685f7f7d
-
SHA512
1776f65076323aeb3edd342a2d254a7f41306e1a81ba9c872fa119114db556dc40f0e6b6c8ff8745f8aa479cd33f4110022039f82da535371d0273f31ae7ad24
-
SSDEEP
49152:m0ZEgYcimGzYONSCSrc0RU/PmGOpXrbaKyyND5Ako46sm4g1:7mgYcz4YCSii9b9yGDBcs
Score 10/10