General
-
Target
b3b77f3cea0160f59bea3f6ab2e767fc
-
Size
221KB
-
Sample
240305-egntgaee89
-
MD5
b3b77f3cea0160f59bea3f6ab2e767fc
-
SHA1
1b21ab867f0bd001fc220a4b254fa42810668568
-
SHA256
11aa5220689c193f7c78f935861f3ce55b842f4bd3c85344a76ceecfbe6a9ede
-
SHA512
2dd37b2d22c211646e55cf445b082a8139623d342e23354685abe23dc33dba0819a005f05aea9e50ac77492d3b916ad81e2c774fb5825288cdbbde5468db7db9
-
SSDEEP
6144:QmwgmHv+U6cJ3ytIhx4CZ2tigmMLw30yTjl:K22iMxvZ2tivMLyFl
Behavioral task
behavioral1
Sample
b3b77f3cea0160f59bea3f6ab2e767fc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b3b77f3cea0160f59bea3f6ab2e767fc.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1394017385
http://164.90.137.196:8080/about
-
access_type
512
-
host
164.90.137.196,/about
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
8960
-
polling_time
27400
-
port_number
8080
-
sc_process32
%windir%\syswow64\svchost.exe -k netsvcs
-
sc_process64
%windir%\sysnative\svchost.exe -k netsvcs
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSYDMbXDQmtppL8XJ6dpUPYzn8d62LrqNgrmn4Qn6hpf05jhx0K1ecVb5lgAYMqKwwGfsy8QClphqyN7XVAwfAN96cZwRTOlIcH1b9qsvifhcRu0C02a6NwTMvt0Fdl9Arx1+wbQXAVG81bj9gZRnMrOrSKdEePqlC7RfVZypxaQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/careers
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
-
watermark
1394017385
Targets
-
-
Target
b3b77f3cea0160f59bea3f6ab2e767fc
-
Size
221KB
-
MD5
b3b77f3cea0160f59bea3f6ab2e767fc
-
SHA1
1b21ab867f0bd001fc220a4b254fa42810668568
-
SHA256
11aa5220689c193f7c78f935861f3ce55b842f4bd3c85344a76ceecfbe6a9ede
-
SHA512
2dd37b2d22c211646e55cf445b082a8139623d342e23354685abe23dc33dba0819a005f05aea9e50ac77492d3b916ad81e2c774fb5825288cdbbde5468db7db9
-
SSDEEP
6144:QmwgmHv+U6cJ3ytIhx4CZ2tigmMLw30yTjl:K22iMxvZ2tivMLyFl
Score 10/10