General
-
Target
2020-55-0x0000000002170000-0x00000000021E0000-memory.dmp
-
Size
448KB
-
Sample
240314-mkgtbsca43
-
MD5
9fe2570f42ac6031dd25457d20f95004
-
SHA1
af59ba4e9616689353ae65f651d9ca3283cc67ac
-
SHA256
42e1bf4ae013099d1832b39dfc42df1dc11a278b51cd427081feac86178a0b5b
-
SHA512
9b250981b00a4497ae711b2526d9ca24a601ec85aecd00860e3e60f6377c6c7287847dbd0d4cd62050d7811c14dc6be7f8ae7ddeca79bb130855c6920556ad52
-
SSDEEP
3072:/Jq1fXrluNpvOVGW/AuxytgugJqhJeGkTpX1KcBSEHYVD90vCykQgCxDYJazgHcO:/JqCGVd3xyibgkTZI6jHID90adeDmH/
Malware Config
Extracted
cobaltstrike
100000
http://216.146.25.53:80/changes/TWl3f2wDOLzsopklW5dDAnZe9XKFIFQ
-
access_type
512
-
host
216.146.25.53,/changes/TWl3f2wDOLzsopklW5dDAnZe9XKFIFQ
-
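http_header1 (base64-encoded; readable strings in the decoded value include "Pragma: no-cache", "Cache-Control: no-cache", "Accept: */*" and "X-CSRF-Token")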
AAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAAAgAAAAZxc1RSWXMAAAAPAAAAAwAAAAYAAAAMWC1DU1JGLVRva2VuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
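http_header2 (base64-encoded; readable strings in the decoded value include "Content-Type: application/json" and "X-CSRF-Token")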
AAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAeQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uAAAABwAAAAAAAAACAAAAfVh4M0I4N0Q2ZVZzVlZ2T1ZLTGg0U05ycVdadDVISm1CcXMwZGJVS0M0TE1HRkZqbWRxaW5lT3lnbDN4Z0F5RFFjQzBiYmNqR0tXa3FnaXlKcWRiY2RMY3FtU1BVY2EwcHdCbXNwS3VFYUN4elNueTZzTUltSlFJVFZubjVWAAAADwAAAAMAAAAGAAAADFgtQ1NSRi1Ub2tlbgAAAAcAAAABAAAAAwAAAAIAAAAKIiwiZGF0YSI6IgAAAAIAAAAkMzM5NWQwNDgtY2FlYS00ZjUwLTk5ODktNzFjNmQ0NzMyNmI5AAAAAgAAAAh7Im1zZyI6IgAAAAEAAAACIn0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
polling_time
71663
-
port_number
80
-
sc_process32
%windir%\syswow64\DllHost.exe /Processid:{634241AA-BAEF-4493-80CD-F1C3F91A5BE1}
-
sc_process64
%windir%\sysnative\DllHost.exe /Processid:{90805CAA-A11B-4DEC-9984-1CA91684609A}
-
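state_machine (extractor's field label; the value below is a base64-encoded DER RSA public key, zero-padded at the end)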
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCma5npxyrI1Bt3gmECSQD9c4KlCwAoQEH7v/U6mn34yUqT2e7r2lTgts0x++WI6itT79RODlC2bALLrkFWoq/y03yq9C6kx/zI9wRqo3IEaC9bcyCLr6YY1ncstOyGZTcHhVu1/TEbzsPWYYPDzhBsQhV+zhuXXRKz6vk4TnfjDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.579122944e+09
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAABMAAAACAAAAJAAAAAIAAAAgAAAAAwAAAAEAAAAMAAAAAgAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/license/Z2OSWUqImUYFWZRYaOb79wLnfzHd3dM
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
-
watermark
100000