General
-
Target
inform.iso
-
Size
1.2MB
-
Sample
240308-1tg3cagg69
-
MD5
4af2a3d07062d5d28dad7d3a6dfb0b4b
-
SHA1
c841e9cc56735a353e0e52c7a81fe9ca3bfe4aac
-
SHA256
34e7482d689429745dd3866caf5ddd5de52a179db7068f6b545ff51542abb76c
-
SHA512
3559c57afc6e85c1d5dfea64f5a22b87cfba38877feb877ff2960886422413498d3dedd42df9ba712a0bd187bf8f01941a92f9d26a9714bb32262809a9cd3074
-
SSDEEP
3072:NaIhrdRZoUa294RWQfNKfleJxWJFT7rT16H09Ho78xjtAhF8+Fg:N3RNaUGWQfBx4A0dXqhFfF
Static task
static1
Behavioral task
behavioral1
Sample
bin/WinScrollbarForUninitialize.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bin/WinScrollbarForUninitialize.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
information.lnk
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
information.lnk
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1359593325
http://theskoolieblog.com:443/blog/2019/1q
-
access_type
512
-
beacon_type
2048
-
host
theskoolieblog.com,/blog/2019/1q
-
http_header1
AAAACgAAABdDb250ZW50LVR5cGU6IHRleHQvaHRtbAAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC50eHQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACFDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGEAAAAKAAAAF0NhY2hlLUNvbnRyb2w6IG5vLWNhY2hlAAAABwAAAAAAAAALAAAAAQAAAAcvdXBsb2FkAAAADAAAAAcAAAABAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
7680
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvg7ZMKuOy4b6zWQZu+OPtbyHRJvw2SFM1xPY8rgejFcFyo5c0JZTdjIsn1/P29ZHyiCMAuyxMFk9UWg3sWeZKknb1v6+NFQcMLyYjctXQuOnpEVJ17M2T+iOkUvMoBwBdWaNEPTDbJS8M+NIGXgkYR60ozQfEMWwIICwK89i+wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/login/form/w
-
user_agent
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
bin/WinScrollbarForUninitialize.dll
-
Size
218KB
-
MD5
8716cec33a4fea1c00d57c4040945d9e
-
SHA1
301c94571cc0795c54f6ea7e20a453436133ad03
-
SHA256
e8da0c4416f4353aad4620b5a83ff84d6d8b9b8a748fdbe96d8a4d02a4a1a03c
-
SHA512
89fef3971120d0e4bc676d89db7bf2992ba4316b5a628397b04cf8fc299d130fabb523d990ff7aafd6c956ab62583f33ebee26543fe6abeefc319838125cc517
-
SSDEEP
3072:NaIhrdRZoUa294RWQfNKfleJxWJFT7rT16H09Ho78xjtAhF8+Fg:N3RNaUGWQfBx4A0dXqhFfF
Score 1/10 -
-
-
Target
information.lnk
-
Size
1KB
-
MD5
c23f1af6d1724324f866fe68634396f9
-
SHA1
959c824fab3cc38ac605553d39aa57bef559befd
-
SHA256
e5de12f16af0b174537bbdf779b34a7c66287591323c2ec86845cecdd9d57f53
-
SHA512
0ac868487c47f873ab86d37545954dbf82f15d77b6495160d6b6ce1e6d7fe4e473da991e61d8a5f922534d3e221ef51b0d817bb3c108885b4b38d0902942eaab
Score 10/10 -
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-