General
-
Target
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
-
Size
2.9MB
-
Sample
240326-kxh6taef89
-
MD5
258c9b2fc8dcb0547b08618a00f130f8
-
SHA1
cb4db6ae7fe7a5e0864ab1ce822b520823123612
-
SHA256
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
-
SHA512
2ebbe29f3d7f48f96657e180b8fe794585afdea8b5a86822fa59806802b124c045345edb67ccdeaafd79dee5bebcd602f4f0b8d5b8168f5862752b480dd06cec
-
SSDEEP
49152:+RwF8yI4fotnHViwPG9ku/B56xgO7vYFCL5QV:+CrcckXJ7vYFCL5QV
Static task
static1
Behavioral task
behavioral1
Sample
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
391144938
http://39.100.86.42:4443/download/20/ZO2XY7A4BOWU
-
access_type
512
-
beacon_type
2048
-
host
39.100.86.42,/download/20/ZO2XY7A4BOWU
-
http_header1
AAAACgAAADRBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24vanNvbiwgdGV4dC9odG1sAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGVzAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCAqAAAABwAAAAAAAAAPAAAACAAAAAIAAAAPYXV0aF90b2tlblJQRkQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
118505
-
port_number
4443
-
sc_process32
%windir%\syswow64\Locator.exe
-
sc_process64
%windir%\sysnative\WUAUCLT.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSQrvehtufcIZXD/TShooFgwFOWEDGt1PjgLY7Pkm38YCJPPcqVS+bDXi6Wzrxm/1Ha5M3qONJ5tfaEQYDXEY+uu0p8HWdN2ONrqMdK9osCGxY7lGfWhdD/DVIVx7YdHBb3UgvdhzeDZn9ShNG/amNf67H1bCxBCmZkM/F6AllhQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.78630656e+08
-
unknown2
AAAABAAAAAEAABDyAAAAAgAADNsAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Fashion/account/5TQ57I2XMZ9Q
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
-
watermark
391144938
-
year
512
Targets
-
-
Target
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
-
Size
2.9MB
-
MD5
258c9b2fc8dcb0547b08618a00f130f8
-
SHA1
cb4db6ae7fe7a5e0864ab1ce822b520823123612
-
SHA256
80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
-
SHA512
2ebbe29f3d7f48f96657e180b8fe794585afdea8b5a86822fa59806802b124c045345edb67ccdeaafd79dee5bebcd602f4f0b8d5b8168f5862752b480dd06cec
-
SSDEEP
49152:+RwF8yI4fotnHViwPG9ku/B56xgO7vYFCL5QV:+CrcckXJ7vYFCL5QV
Score 10/10 -