General
-
Target (a dumped memory region, not the original on-disk sample — the hashes below identify this dump only)
2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dmp
-
Size
688KB
-
Sample
240315-a6ejwacc8w
-
MD5
a2da0f22db71c3343238bd1813d59b98
-
SHA1
26bde047bc789f5954c61e501b78203caaa597dc
-
SHA256
48ad7e4ede087da50c4be349bfd2305242f18a8b465a372cf2a169df6e484b21
-
SHA512
a206618b0319967fb90933a6632e3e05673fd3960c17567bf27f90bc789c041e36f1ab691deb20afb55338cb3059286919a5d9e2b30ad783b54ed868021d68e3
-
SSDEEP
12288:qEfOMJ8J6oujbIS0wSJSkORCXdpVo2GN:7fO3ujbIpwSTOWfVPy
Behavioral task
behavioral1
Sample
2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted from the memory dump (family, watermark and C2 follow; the watermark is repeated under "watermark" below)
cobaltstrike
391144938
http://47.115.211.116:80/owa/
-
access_type
512
-
host
47.115.211.116,/owa/
-
http_header1
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
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAADb3dhAAAABwAAAAAAAAANAAAAAgAAACdNaWNyb3NvZnRBcHBsaWNhdGlvbnM9ODBmNDE4OWNhMWM5ZDRkOTsAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
1280
-
polling_time
1000
-
port_number
80
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJlRoJrtHdi/JCpa+ldmK3M0pqOYNHnJ90TFWSWi28rJ8ISt0g89bAOq4Ih4rH2znL5qKIMbQsE0pj9QvF+POLjRhUwwKet0lsG+954DUJj6quJdVWnQc3+k04PAi04cdXkMcAWDl9LdwUG079t1ceM0JxCjYV0ga4jtUTMlyEQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.448416512e+09
-
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/OWA/
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
391144938
Targets
-
-
Target
2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dmp
-
Size
688KB
-
MD5
a2da0f22db71c3343238bd1813d59b98
-
SHA1
26bde047bc789f5954c61e501b78203caaa597dc
-
SHA256
48ad7e4ede087da50c4be349bfd2305242f18a8b465a372cf2a169df6e484b21
-
SHA512
a206618b0319967fb90933a6632e3e05673fd3960c17567bf27f90bc789c041e36f1ab691deb20afb55338cb3059286919a5d9e2b30ad783b54ed868021d68e3
-
SSDEEP
12288:qEfOMJ8J6oujbIS0wSJSkORCXdpVo2GN:7fO3ujbIpwSTOWfVPy
Score 1/10 — sandbox behavioral score only; a Cobalt Strike beacon configuration (watermark 391144938, C2 http://47.115.211.116:80/owa/) was extracted from this dump, so the low score should not be read as "benign".