General
-
Target
2284-54-0x00000000002F0000-0x0000000000331000-memory.dmp
-
Size
260KB
-
Sample
240313-wkh6tsde67
-
MD5
64a55737320f3e4d0fc8806f88e7e9b0
-
SHA1
cf380f8eb6a7925547049ba7f33f260e7681864f
-
SHA256
bbc6607ab55be9f76b07bd484a333370da22f66c5dbecac68ed7b442de3fc747
-
SHA512
e688393ff81b31c916443c59ce9d37e3add687860230483921176b7c61818bee8f5bac9308f1d5e33d089a5c7c84b60654e440d3d1524b295ce974a36b2de57a
-
SSDEEP
3072:RsYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTR1z9BQYJerCo4:RsYwjwIGIprBJweGTIDjhOTR1Q8v
Behavioral task
behavioral1
Sample
2284-54-0x00000000002F0000-0x0000000000331000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2284-54-0x00000000002F0000-0x0000000000331000-memory.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike (Cobalt Strike beacon configuration; watermark 100000000, see also the watermark field below)
100000000
http://119.91.195.178:2053/www/handle/doc (C2 callback URL; the port 2053 matches the port_number field below)
-
access_type
512
-
beacon_type
2048
-
host
119.91.195.178,/www/handle/doc
-
http_header1
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAABwAAAAAAAAAPAAAACwAAAAIAAAAFdXNlcj0AAAABAAAAAiUlAAAABgAAAARVc2VyAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
1792
-
polling_time
3000
-
port_number
2053
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY29TDuKymMY2hk5LtUpxb34o4BQ61Qg2sgi3PyG4riracgTQAf2iqZF04DGC1H4KmC59esWtSTyzYbrGy+XQVW+YwK9hECH6JqhNYgwG4Li42UHvmW5fKSZwKNeanhTDG618fmpsAlXUm929uk6+DJsPjQz81kcOBSpYPzySXJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08 (equal to the integer 251666432; the scientific-notation form appears to be a float rendering of an integer field)
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/www/handle/pdf
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)
-
watermark
100000000
Targets
-
-
Target
2284-54-0x00000000002F0000-0x0000000000331000-memory.dmp
-
Size
260KB
-
MD5
64a55737320f3e4d0fc8806f88e7e9b0
-
SHA1
cf380f8eb6a7925547049ba7f33f260e7681864f
-
SHA256
bbc6607ab55be9f76b07bd484a333370da22f66c5dbecac68ed7b442de3fc747
-
SHA512
e688393ff81b31c916443c59ce9d37e3add687860230483921176b7c61818bee8f5bac9308f1d5e33d089a5c7c84b60654e440d3d1524b295ce974a36b2de57a
-
SSDEEP
3072:RsYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTR1z9BQYJerCo4:RsYwjwIGIprBJweGTIDjhOTR1Q8v
Score 1/10 - Note: this behavioral score reflects only what the sandbox runs observed; a complete Cobalt Strike beacon configuration (C2 host, URIs, user-agent, watermark) was nevertheless extracted from this memory dump above, which is the decisive indicator here, so the low score should not be read as benign.