General
-
Target
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11
-
Size
260KB
-
Sample
240318-sdnk7abe58
-
MD5
4b4eb3c179486378b8a4b177ad93f32d
-
SHA1
60a036029c13fd1e725abb07d9cbbde125a596c3
-
SHA256
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11
-
SHA512
d747c39bda74dcb7b397a7efeb5cb1338f2bfef00f224b48c6d3cd4d89d1442005046f95aba50b08a0553adec2982b0025bf4f5a196476aa4c59e17c690f451a
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlg9tQYJ1b/S1PZT8C:7c0bPzIpt8ahTw8PHA8itQgQv1uE
Behavioral task
behavioral1
Sample
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11.dll
Resource
win10v2004-20231215-en
Malware Config
Extracted
cobaltstrike
426352781
http://192.168.200.128:80/ptj (note: 192.168.0.0/16 is RFC 1918 private address space, so the configured team server is unreachable from the internet and from the sandbox; treat this as a lab/test build rather than a live C2 indicator, and do not block or hunt on this address outside the network the sample came from)
-
access_type
512
-
host
192.168.200.128,/ptj
-
http_header1 (Malleable C2 transform for the GET check-in; the base64 blob decodes to a header-append step naming `Cookie`, i.e. session metadata is carried in the Cookie request header)
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (transform for the POST channel; the blob decodes to `Content-Type: application/octet-stream` plus a parameter named `id` carrying the session id — together with the Cookie transform above this matches the stock default profile, not a customised one)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (milliseconds, i.e. a 60-second sleep between check-ins — the builder default)
-
port_number
80
-
sc_process32 (spawnto for 32-bit post-exploitation jobs: the beacon launches this image and injects into it)
%windir%\syswow64\rundll32.exe
-
sc_process64 (spawnto for 64-bit jobs; `sysnative` maps to the native System32 from a WoW64 process. A rundll32.exe started with no command-line arguments by the beacon's host process is the detection opportunity here; both values are builder defaults.)
%windir%\sysnative\rundll32.exe
-
state_machine (despite the label this is the beacon's RSA public key: a base64 DER SubjectPublicKeyInfo whose `MIGfMA0GCSqGSIb3DQEBAQUAA4GN…` prefix is the standard header of a 1024-bit RSA key, zero-padded to the field size. The beacon encrypts its session metadata to this key, and samples sharing it were built from the same team server keystore, so it is a useful pivot for clustering)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCapSVBA8jtD6tZyWIwAlxzeJkiYFgwC43jw+AGWoSwsNNTvbt1p6sAoNaM+GkLrC1fNYKlJTOgJPeBAUxHi7GvWLcRg9vlBloKCBX3mFK+gkjswI++h7lUsvu7AOaT6k/08K7fKOlPDEzI8anYwb5g0+aIk3JQz+clHEvPabL69wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (POST path; `/submit.php` is the default-profile value)
/submit.php
-
user_agent (this MSIE 8.0 / InfoPath.1 string is a commonly seen default-profile UA; on its own it is too generic to block on — use it only in combination with the URI and header transforms above)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)
-
watermark (builder/license-derived ID; 426352781 is reportedly one of the most frequently observed values in public samples and is generally attributed to a cracked build, so it does not by itself tie this sample to a particular operator)
426352781
Targets
-
-
Target
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11
-
Size
260KB
-
MD5
4b4eb3c179486378b8a4b177ad93f32d
-
SHA1
60a036029c13fd1e725abb07d9cbbde125a596c3
-
SHA256
a03e317febe378b4eda37d7960c05e08ba35f17e3a25e690c5c90151a420ca11
-
SHA512
d747c39bda74dcb7b397a7efeb5cb1338f2bfef00f224b48c6d3cd4d89d1442005046f95aba50b08a0553adec2982b0025bf4f5a196476aa4c59e17c690f451a
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlg9tQYJ1b/S1PZT8C:7c0bPzIpt8ahTw8PHA8itQgQv1uE
Score 1/10 — a behavioural score only. It is low most likely because the beacon could not reach its private-range C2 from the sandbox and therefore produced little observable activity; it does not override the static result above, which identifies the file as a Cobalt Strike beacon DLL.