General
-
Target
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e
-
Size
1.7MB
-
Sample
240320-hrjjaabg7s
-
MD5
108f1a14941a42738f35f3d90dc3fcff
-
SHA1
4a3343dfde6b3d788e4e6b30aa606f38feea77fb
-
SHA256
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e
-
SHA512
a5e425a7c5c865291e8c60d4bc28d9da01885205d17e6d689b3c3ad4a03743065380977d0d901f2b20181768d63ed39d8cf3eb3d6196eeae3e0b2c741fce4dc7
-
SSDEEP
24576:Zmuo4CvF26n1o+6R2b+vwzAH/8jZKl5uNPJ1iH9sxueTf/G:hcvYOo+0oM5utiH9gLf/
Static task
static1
Behavioral task
behavioral1
Sample
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted: Cobalt Strike beacon configuration (watermark 100000; see the watermark field below)
C2 endpoint: http://154.16.10.161:4502/ca — this IP:port pair is the primary network indicator for this sample and is the value to block or alert on
-
access_type
512
-
host
154.16.10.161,/ca
-
http_header1 (GET-channel transform; the base64 blob decodes to include the header name `Cookie`)
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (POST-channel transform; the base64 blob decodes to include `Content-Type: application/octet-stream` and the parameter name `id`)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time (beacon check-in interval; 60000 presumably in milliseconds, i.e. roughly one check-in per minute — confirm against the extractor's units)
60000
-
port_number
4502
-
sc_process32 (32-bit process the beacon spawns for post-exploitation jobs; an unexpected rundll32.exe launched from this sample's process is a useful detection hook)
%windir%\syswow64\rundll32.exe
-
sc_process64 (64-bit counterpart of sc_process32, reached via the sysnative alias from a WOW64 parent)
%windir%\sysnative\rundll32.exe
-
state_machine (extractor label; the value is a base64 DER SubjectPublicKeyInfo — its `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ` prefix is the standard header of a 1024-bit RSA public key, used by the beacon to encrypt data for its C2)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCroKFtlo0voPHfDn8hVAhGv0NMZFoLaf7Ta90GT750v7G5kziLStBye0PeBgTQkDEyPycWglRMKgbUijZYGoGQXV1SB1QLqDvfj10OuKhuJE0K8FkjT3c9lD6lsYamPPnFyAkhg73c8m9zi7YimD32/3iLyFNzAeaKAy4ErKNRqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)
-
watermark
100000
Extracted: Cobalt Strike (second extraction result; only `watermark 0` was recovered and no other configuration fields are present, so this entry appears to be an empty or partial match rather than a second C2 profile)
Targets
-
-
Target
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e
-
Size
1.7MB
-
MD5
108f1a14941a42738f35f3d90dc3fcff
-
SHA1
4a3343dfde6b3d788e4e6b30aa606f38feea77fb
-
SHA256
ebf277783419a484a4d3dff2c7898ec2b3c7c95e90e9783e3597d5646a042b8e
-
SHA512
a5e425a7c5c865291e8c60d4bc28d9da01885205d17e6d689b3c3ad4a03743065380977d0d901f2b20181768d63ed39d8cf3eb3d6196eeae3e0b2c741fce4dc7
-
SSDEEP
24576:Zmuo4CvF26n1o+6R2b+vwzAH/8jZKl5uNPJ1iH9sxueTf/G:hcvYOo+0oM5utiH9gLf/
Score: 10/10 (malicious)