General
-
Target
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
-
Size
932KB
-
Sample
240309-k1rmcsfc5s
-
MD5
01c3de79835d5e0822d130478c4709aa
-
SHA1
782e8ec2dc25c3ea971ce1dcfcf854d6bd13929f
-
SHA256
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
-
SHA512
38b6643a1117ac0763c0e245c9031ba698e522d73d1a59c3b337a33fdab8a0623513be93e1d9acb29aa911a736f530a7344f993f7c4821c71743a54853b13373
-
SSDEEP
24576:EOT0iqNy1Upc3SmBt/z90mTnCjqKLTjz:FqU1ZBajqKLTjz
Static task
static1
Behavioral task
behavioral1
Sample
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000000
http://service-rbj9jdc8-1257582847.nj.apigw.tencentcs.com:443/help
-
access_type
512
-
beacon_type
2048
-
host
service-rbj9jdc8-1257582847.nj.apigw.tencentcs.com,/help
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcDM451tcncv9V4lKHUclW0bT5Fispre6S3sEpNoKuaTUY9bHkNv+vW8s+CqSOx7IxvhqdgoG3bNMEYHtdelAxDMJVyvwRmOZK9RbqWhngvVSPbtYlWZmVTM1rEG9yDcF3ZCxdMvdSSobD/GOxQa7K3Z8Z0Zll2sVuVCi/lkB9aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/manager
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_07_00) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
-
watermark
100000000
Targets
-
-
Target
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
-
Size
932KB
-
MD5
01c3de79835d5e0822d130478c4709aa
-
SHA1
782e8ec2dc25c3ea971ce1dcfcf854d6bd13929f
-
SHA256
45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
-
SHA512
38b6643a1117ac0763c0e245c9031ba698e522d73d1a59c3b337a33fdab8a0623513be93e1d9acb29aa911a736f530a7344f993f7c4821c71743a54853b13373
-
SSDEEP
24576:EOT0iqNy1Upc3SmBt/z90mTnCjqKLTjz:FqU1ZBajqKLTjz
Score10/10 -