General
-
Target
1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dmp
-
Size
688KB
-
Sample
240315-ax6a8sca3v
-
MD5
d1a20775cb37907ed4aa18afb43abc92
-
SHA1
eb10a11dad7f17f9524e01f1fc258d6b34a7d8a3
-
SHA256
0126dc282ab4fbd211993a13c3a11c7d2c5bff6915e03f6715d3a15ecff70a27
-
SHA512
88a6ead42c7ca3a02117558577f0aaeb76784386ff527e2fd916e9f77eaf94988080396dc0bcffe2e2f40d3e76aed648bdc1ede232d85107ea7c43b831bd3ffe
-
SSDEEP
12288:GEfOMJ8kWhpujbIS0wSJSkORCXdpVo2GN:PfO3+jbIpwSTOWfVPy
Behavioral task
behavioral1
Sample
1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
391144938
http://123.249.100.157:80/owa/
-
access_type
512
-
host
123.249.100.157,/owa/
-
http_header1
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
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAADb3dhAAAABwAAAAAAAAANAAAAAgAAACdNaWNyb3NvZnRBcHBsaWNhdGlvbnM9ODBmNDE4OWNhMWM5ZDRkOTsAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
30000
-
port_number
80
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUGBvIn5gwSmKKcfXD82unRuDzm2vgwOmyHl0MOVRfInQavLCYKfdtZDW3SODxz41OCk1reVRelaJXiseXgutHH5EOxbIt5x07dOq9A5x2FEeqDUmQn5ymBS3jegp8QE27JwAoV15OjOHL1ejMpYbraq5iN8tc/yl+uv8UiP5xUwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.448416512e+09
-
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/OWA/
-
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
391144938
Targets
-
-
Target
1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dmp
-
Size
688KB
-
MD5
d1a20775cb37907ed4aa18afb43abc92
-
SHA1
eb10a11dad7f17f9524e01f1fc258d6b34a7d8a3
-
SHA256
0126dc282ab4fbd211993a13c3a11c7d2c5bff6915e03f6715d3a15ecff70a27
-
SHA512
88a6ead42c7ca3a02117558577f0aaeb76784386ff527e2fd916e9f77eaf94988080396dc0bcffe2e2f40d3e76aed648bdc1ede232d85107ea7c43b831bd3ffe
-
SSDEEP
12288:GEfOMJ8kWhpujbIS0wSJSkORCXdpVo2GN:PfO3+jbIpwSTOWfVPy
Score 1/10