General
-
Target
beacon.exe
-
Size
281KB
-
Sample
240313-3p7tbacg6s
-
MD5
89b23c7d509345da68098ea9e6750c01
-
SHA1
5c3b2d20e82ce5556a46bc2bf62d658cf21f48ac
-
SHA256
ee28c1f6f795cdc260ea36b60a3b9b80e3284752a7503a211034efa04297bb84
-
SHA512
42a50063c22f117ba5ddafd16613aa00f64c88a01e52de16f958d5731558f4302011b884bdcc7342a3a0b6f55b47517a720022a60f1ed08850153e962a80bef6
-
SSDEEP
6144:oCAHk7vNMxtRSCuzu02fKblKAJCLuRiE/3OopdmJ5kkkkkkkkiHDC:AcyvRSTujCblKAJCLuRbWmmPkkkkkkk5
Static task
static1
Behavioral task
behavioral1
Sample
beacon.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
beacon.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000
http://www.syst1m.tk:2083/tencent.wx.updata.js
-
access_type
512
-
beacon_type
2048
-
host
www.syst1m.tk,/tencent.wx.updata.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
8000
-
port_number
2083
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPqvvKMJoX0wS3ucFriGsjCHAPKYl9KLVUHZZFjitq0fJNZ0TD4RsqetmHYP8Mw6ZPFrtgyZPUh4tsD1820/sQjlY+UMDbP2KV5a4qkcBdapf/tZZIb73EqzxlppryjNowLJZK44hVJIymkuwucguP3BGX7OgBlbO3ec/iFrPyhwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/tencent.pcwx.updata.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.5; Author:qwe) like Gecko
-
watermark
100000
Targets
-
-
Target
beacon.exe
-
Size
281KB
-
MD5
89b23c7d509345da68098ea9e6750c01
-
SHA1
5c3b2d20e82ce5556a46bc2bf62d658cf21f48ac
-
SHA256
ee28c1f6f795cdc260ea36b60a3b9b80e3284752a7503a211034efa04297bb84
-
SHA512
42a50063c22f117ba5ddafd16613aa00f64c88a01e52de16f958d5731558f4302011b884bdcc7342a3a0b6f55b47517a720022a60f1ed08850153e962a80bef6
-
SSDEEP
6144:oCAHk7vNMxtRSCuzu02fKblKAJCLuRiE/3OopdmJ5kkkkkkkkiHDC:AcyvRSTujCblKAJCLuRbWmmPkkkkkkk5
Score 10/10 -