General
-
Target
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.bin
-
Size
204KB
-
Sample
240319-avf9bsce85
-
MD5
4d8159689d6239f7616ea60f46dbe4e0
-
SHA1
19e414ded855998d18a786e0142d600308e21469
-
SHA256
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f
-
SHA512
d9f632cf521f37e4c87196b1e289bb2b7e555f304bb9cb4e2ac3e32aecd2e108b0632d3fffdb971a6cbfdac4b1d916e64fb5718dc6d24600fac03b96bb4c2f76
-
SSDEEP
3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUK5l2:0/MEfuN0t8C5oFsoeRM3o0jI
Behavioral task
behavioral1
Sample
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
426352781
http://j9u2j5r3.hostrycdn.com:80/image/
-
access_type
512
-
host
j9u2j5r3.hostrycdn.com,/image/
-
http_header1
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
-
http_header2
AAAAEAAAABRIb3N0OiB3d3cuYnNiYnNiLnRvcAAAAAoAAAAmQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0AAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAsAAAABAAAABC5hc3AAAAAMAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
2000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJrwEuOcjKE+cfwLhHeNBTyMUZ+Zd0J0+vLPzEI2RWn0cxDvTzgIyb3c7xZBN8x14PXvIcATRL5ZkuEx7eclHxJesS7BAh/5qHltzySsYXh3lC2RUmSV+dZxyXoaoeIpKHeQX9b8uDfuGmubUoj8xeBbXpIiqSFudAT2YEn6wUDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/history/
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
-
watermark
426352781
Targets
-
-
Target
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.bin
-
Size
204KB
-
MD5
4d8159689d6239f7616ea60f46dbe4e0
-
SHA1
19e414ded855998d18a786e0142d600308e21469
-
SHA256
15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f
-
SHA512
d9f632cf521f37e4c87196b1e289bb2b7e555f304bb9cb4e2ac3e32aecd2e108b0632d3fffdb971a6cbfdac4b1d916e64fb5718dc6d24600fac03b96bb4c2f76
-
SSDEEP
3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUK5l2:0/MEfuN0t8C5oFsoeRM3o0jI
Score: 1/10