General

Target: 5a4b3189e2071c16b9a013517996a4d8dd29ca218b6d461add236d278ae1a489
Size: 4.2MB
Sample: 240309-kw9x5sfb9y
MD5: 0b56f22d2fe3a7f1944bb457def14cc7
SHA1: b2cbde9d4ba7ee33e0fea709ead121b75928fcb7
SHA256: 5a4b3189e2071c16b9a013517996a4d8dd29ca218b6d461add236d278ae1a489
SHA512: c1073b7d8300d1ee3066aeeccf147288429d040a7cf251c6ee14e69456f94c48723dd8eb93ae29dca530e6bf889ea4922cab08ae07df780f4eb6d3103c5f5dcd
SSDEEP: 49152:lkP0MBwmMbApkuZeMAWj05EDmdvCoRIeNEDbAGIOwf+U2qTfBrhd0QaiRF:Y0UMjuZeTESd9bDTBrH0Qas
Static task: static1

Behavioral task: behavioral1
Sample: 5a4b3189e2071c16b9a013517996a4d8dd29ca218b6d461add236d278ae1a489.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 5a4b3189e2071c16b9a013517996a4d8dd29ca218b6d461add236d278ae1a489.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted: cobaltstrike
0
http://221.228.216.78:443/static/skin/js/jquery-3.3.1.min.js
http://bmw.ccb.com.cdn.dnsv1.com.cn:443/static/skin/js/jquery-3.3.1.min.js
http://218.29.50.94:443/static/skin/js/jquery-3.3.1.min.js
access_type: 512
host: 221.228.216.78,/static/skin/js/jquery-3.3.1.min.js,bmw.ccb.com.cdn.dnsv1.com.cn,/static/skin/js/jquery-3.3.1.min.js,218.29.50.94,/static/skin/js/jquery-3.3.1.min.js
http_header1: aWR2eVVhTURLdWJXVzRUTDNpUGpCdz09AAAAAAAAAAA=
http_method1: GET
http_method2: POST
jitter: 2048
port_number: 443
sc_process32: %windir%\syswow64\dllhost.exe
sc_process64: %windir%\sysnative\dllhost.exe
unknown1: 4.234810624e+09
unknown2: AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /static/skin/js/jquery-3.3.2.min.js
watermark: 0
Targets

Target: 5a4b3189e2071c16b9a013517996a4d8dd29ca218b6d461add236d278ae1a489
Score: 10/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.