General
-
Target
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
-
Size
259KB
-
Sample
240312-hq5p5ach99
-
MD5
83394c52f43a700d6773c8180758800c
-
SHA1
28e2e14004648eeaa4ea7e65533aeeac5dc86ad6
-
SHA256
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
-
SHA512
20482a566d69d78729573160ac4f05275a900224a3310593636f155b54da3e07f504dccd398343a83afb72657d1e74426968619ddf328f5538e0e53a74d4ccc8
-
SSDEEP
6144:/EG8cIDtrGIpDjr4OVMvvOJJMmGMmw9IAPBWH/:8QIDtr/Zjr1VMvv4JMJMPIAPBQ
Behavioral task
behavioral1
Sample
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000
http://111.229.142.238:88/c/msdownload/update/others/2022/03/29136388_
-
access_type
512
-
beacon_type
2048
-
host
111.229.142.238,/c/msdownload/update/others/2022/03/29136388_
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAYSG9zdDogd3d3LmNoYW5lbmVyZ3kuY29tAAAABwAAAAAAAAANAAAAAQAAAAQuY2FiAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAYSG9zdDogd3d3LmNoYW5lbmVyZ3kuY29tAAAABwAAAAAAAAAFAAAACXVwZGF0ZV9pZAAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
2000
-
port_number
88
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcVn/Q1SFs8Ez3qpSw7HyCwZiGhfB0U4kaa+1QVehZQy62WbutdsfQ0+ucTt66SPOSbI192ts2jp0oHkI1lRpdPunUCA+8fFXuNdCb/ZsbA5bRQZhZHTQE9gwGgF4ieb6elCAW3WaUH34pVeB4bE0PVUC/4DF//A6AJQRdhCOX1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/c/msdownload/update/others/2022/03/28986731_
-
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
-
watermark
100000
Targets
-
-
Target
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
-
Size
259KB
-
MD5
83394c52f43a700d6773c8180758800c
-
SHA1
28e2e14004648eeaa4ea7e65533aeeac5dc86ad6
-
SHA256
2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
-
SHA512
20482a566d69d78729573160ac4f05275a900224a3310593636f155b54da3e07f504dccd398343a83afb72657d1e74426968619ddf328f5538e0e53a74d4ccc8
-
SSDEEP
6144:/EG8cIDtrGIpDjr4OVMvvOJJMmGMmw9IAPBWH/:8QIDtr/Zjr1VMvv4JMJMPIAPBQ
Score 1/10