General
-
Target
4256-121-0x000000002BA80000-0x000000002BAD2000-memory.dmp
(a dumped memory region, not a file from disk: 0x2BAD2000 − 0x2BA80000 = 0x52000 bytes = 328 KB, matching the Size below; the MD5/SHA1/SHA256/SHA512 values therefore identify this dump and are not file IOCs for the original dropper or loader)
-
Size
328KB
-
Sample
240312-pdtwesad54
-
MD5
c946237177db1d868ebadd49e193e2a5
-
SHA1
282245859fa1201ed0a772b2c9ec778a85744c38
-
SHA256
66bf69ea0015c9664bd94ada49be95b0bc2b00b15995ab18f8f1107fa526b461
-
SHA512
4032826aa776df6921d350cdc6ffc3fcb78c01638618797206acdfd50f606ee764733cde713b59dc5a76b08b6dae317fdedf6e19d048ed5fe87044a960e76541
-
SSDEEP
3072:4zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLZ/YVKOdoYJl6vzHkyf:4zbUWootfDCvT4ZTXzCLZgVJojZrKM
Malware Config
Extracted
cobaltstrike (Cobalt Strike beacon configuration carved from the dumped region; the field names below are the extractor's labels and do not always match Cobalt Strike's own Malleable C2 keyword names)
391144938
http://139.9.243.130:443/sugrec
-
access_type
512
-
beacon_type
2048 (0x0800; if the extractor read this 16-bit field with the wrong byte order the underlying value is 0x0008, which in Cobalt Strike denotes an HTTPS beacon — that would be consistent with port_number 443 and would make the "http://" scheme in the C2 URL above a rendering artefact; confirm against the raw config before writing a plaintext-HTTP network detection)
-
host
139.9.243.130,/sugrec (C2 address and the GET-side URI; note that the Host header carried in http_header1 is set to www.baidu.com rather than this IP, so proxy/DNS logs will not show the real C2 address — pivot on the destination IP and the URI instead)
-
http_header1 (Malleable C2 client transform block for the GET channel; the base64 decodes to the headers `Accept: */*`, `Host: www.baidu.com` and `Cookie: ZD_ENTRY=google; BAIDUID=6C3A824B5FE307CF23718B8063B2272D:FG=1`, followed by transform steps that appear to send the masked, base64url-encoded session metadata in an `id` query parameter; the trailing run of zero bytes is field padding)
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAATSG9zdDogd3d3LmJhaWR1LmNvbQAAAAoAAABGQ29va2llOiBaRF9FTlRSWT1nb29nbGU7IEJBSURVSUQ9NkMzQTgyNEI1RkUzMDdDRjIzNzE4QjgwNjNCMjI3MkQ6Rkc9MQAAAAcAAAAAAAAADwAAAA0AAAAFAAAAAmlkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (beacon sleep interval in milliseconds, i.e. a 60 s check-in; the jitter percentage is not shown in this extract, so expect real intervals to vary around that value)
-
port_number
443
-
sc_process32
%windir%\syswow64\WerFault.exe (spawnto target for 32-bit post-exploitation jobs; a WerFault.exe instance that opens outbound connections, or that is not a child of the WER service, is a usable detection hook)
-
sc_process64
%windir%\sysnative\WerFault.exe (spawnto target for 64-bit post-exploitation jobs; same detection hook as above)
-
state_machine (extractor label; the value itself is a base64 DER SubjectPublicKeyInfo — the "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ" prefix is the standard header of a 1024-bit RSA public key — so this is the beacon's embedded C2 public key, zero-padded to the field width; presumably used to encrypt session metadata to the team server, and usable as a stable pivot across samples sharing the same server)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq5FLm+lamnOskg6M7l5P1QuBtuz02ytCR+d7h4wJtc/zazWK296zCBGYq9IZfG5pywTRxxqnslPHFvh4ji4+48HaUOZz944lngUjayzPEICVgT1+siwKxVnBavgiQcYZ1Oi0xp57l4DYddiflzNO6LFYCAd4T/xVzr3vzZWpLMwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.126138112e+09 (float rendering of the raw field; as an integer the value is 3126138112 = 0xBA551500)
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAF0AAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/5aV1bjqh_Q23odCf/static/superman/img/topnav/ (second-channel URI, presumably the POST side given http_method2 = POST; the GET-side URI /sugrec is recorded in the host field above)
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
-
watermark
391144938 (licence watermark, also shown as the config ID at the top of the extracted section; watermarks are trivially shared across leaked and cracked builds, so treat this as a weak clustering pivot rather than evidence of attribution)