General
-
Target
B.exe
-
Size
10.9MB
Note: 10.9 MB is far larger than a bare Cobalt Strike stager or beacon DLL; the binary is likely a loader or packer that bundles the beacon, so the extracted configuration below describes the embedded payload rather than the outer executable's own behavior.
-
Sample
240317-nt39csea3z
-
MD5
f4a469f67581555a53f524a022aacafb
-
SHA1
364048247f6552cea9b97ab0d66484ebe9446e3c
-
SHA256
bf591d97f7c18951b57d108d8345d64d4507138fb6030873018a5db6d148af62
-
SHA512
a4407f648bfa523d7a3249380c1f0deeb3e92cbcbfa0d235a3dd32745d1d8766cfaa1fe99082d09966ef472af4de6db72c794afef5c670c51637608565ba63c1
-
SSDEEP
196608:9HGyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:95hL3HyGGlj+E3I6Ev0PeR
Static task
static1
Behavioral task
behavioral1
Sample
B.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
B.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
305419896
http://192.168.80.148:443/load
Note: the watermark 305419896 is 0x12345678, a value shared widely across cracked/leaked Cobalt Strike builds, so it does not identify a particular operator. The C2 host 192.168.80.148 is an RFC 1918 private address and the scheme is plain http:// despite port 443 (no TLS), which points to a lab or internal-test beacon; do not treat this address as an external IOC.
-
access_type
512
-
beacon_type
2048
-
host
192.168.80.148,/load
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
Note: these are the base64-encoded Malleable C2 transform programs (padded with zeros). Decoding shows header1 (the GET side) references a `Cookie` header, and header2 (the POST side) references a `Content-Type: application/octet-stream` header and a field named `id`; the exact opcode sequence is not shown here, so confirm with a dedicated parser before writing transport-level detections on it.
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
Note: the beacon sleep interval, presumably in milliseconds (a 60 s check-in cadence); no jitter value is present in the extracted fields.
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
Note: these spawnto values are the stock Cobalt Strike defaults for post-exploitation jobs. A rundll32.exe launched with no command-line arguments (and, for the 32-bit path, from syswow64 on a 64-bit host) as a child of B.exe is a practical hunting signal for this profile.
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgIjGsyBUcknsvpyDHOgbqNYC3PG3OFLDEVkJAmTR7PQOj270rjgNrtwwi+JXX5TZvn6BKr+y1DdNKfzEdmvWN6Q63zSDZRqUGj1B9caD0979KL2wIw29rN+NUTew90SmOG0MOETnagxiRieWCZPeMK2QHmfbZ1Ysm6nVb5Lfj8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
Note: despite the field name, this blob is the team server's RSA public key: the base64 opens with the DER SubjectPublicKeyInfo header of a 1024-bit RSA key (`MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ...`) and carries the e=65537 trailer (`...wIDAQAB`) before zero padding. The beacon encrypts its session metadata to this key, and because it is tied to the team server rather than the C2 address it is a more durable pivot for clustering samples than the IP above.
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)
Note: this is an IE8-on-Windows-XP user agent (MSIE 8.0, NT 5.1, Trident/4.0). Seen from a Windows 7 or Windows 10 host, as in the behavioral tasks above, it is anomalous, and combined with `GET /load` and `POST /submit.php` it makes a low-noise proxy/IDS detection for this profile.
-
watermark
305419896
Targets
-
-
Target
B.exe
-
Size
10.9MB
-
MD5
f4a469f67581555a53f524a022aacafb
-
SHA1
364048247f6552cea9b97ab0d66484ebe9446e3c
-
SHA256
bf591d97f7c18951b57d108d8345d64d4507138fb6030873018a5db6d148af62
-
SHA512
a4407f648bfa523d7a3249380c1f0deeb3e92cbcbfa0d235a3dd32745d1d8766cfaa1fe99082d09966ef472af4de6db72c794afef5c670c51637608565ba63c1
-
SSDEEP
196608:9HGyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:95hL3HyGGlj+E3I6Ev0PeR
Score 10/10