General
-
Target
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
-
Size
11.8MB
-
Sample
240329-sgt75sba81
-
MD5
7ac31190bf802d29201d85b95a7a979c
-
SHA1
88c4681ad9268570af2fec3fc50d489500504ffa
-
SHA256
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
-
SHA512
00e2156e4ab85617cae29eb22a02724c08b5848797fb0a6bf9be44a3f25eae901a6a6156097a224aa0b44361bbc70b1fce77d409e5f7abfcec331619f1ddba8f
-
SSDEEP
196608:mW9bTm1k8hkEI/F5D/SFGK1c1W903eV4QRJ993iObM9SEKuLmh6TnW6KJSPG:19bTm28hQfuwW+eGQRT93iOb9cL468Jf
Behavioral task
behavioral1
Sample
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
cobaltstrike (extracted Cobalt Strike Beacon configuration; the two values that follow are the watermark/license ID and the primary C2 URL — note the C2 uses plain HTTP on the non-standard port 65443)
987654321
http://74.211.105.140:65443/image/
-
access_type
512
-
beacon_type
2048
-
host (C2 host plus the GET-side URI path; the POST-side path listed under "uri" below is different, /email/, so any network detection should cover both paths together with the host and port)
74.211.105.140,/image/
-
http_header1
(value not reproduced in this listing; by position this is the GET-side header transform block, counterpart of http_header2 below)
-
http_header2 (base64 length-prefixed transform block; it decodes to the POST-side headers "Content-Type: application/octet-stream", "Referer: http://www.google.com", "Pragma: no-cache", "Cache-Control: no-cache" and a ".png" string — header set consistent with the stock, non-malleable Cobalt Strike profile)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time (beacon sleep interval in milliseconds — 60000 ms, i.e. a 60-second check-in; jitter is not shown in this extraction)
60000
-
port_number
65443
-
sc_process32 (32-bit spawnto: the process Beacon launches and injects into for post-exploitation jobs; rundll32.exe started with no arguments is a well-known hunting indicator for this)
%windir%\syswow64\rundll32.exe
-
sc_process64 (64-bit spawnto; the %windir%\sysnative alias is how a 32-bit Beacon running under WOW64 reaches the native 64-bit rundll32.exe)
%windir%\sysnative\rundll32.exe
-
state_machine (field label appears to be an extractor artefact: the value is a base64 DER SubjectPublicKeyInfo — the "MIGfMA0GCSqGSIb3DQEBAQUAA4GN" prefix is the rsaEncryption OID header of a 1024-bit RSA public key, i.e. the team server public key Beacon uses to encrypt session metadata. Samples sharing this key were built by the same team server, which makes it a strong clustering pivot)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo6gjeiOv8ikX8LQ2BCTJHeb2MEsiBxqr6QSSAeosvjFwuNgkR5vYGdSCXPqEO2SXE6rhSsJ2RfvmK49TsMoyOXFvLDHIQUzWdc114peOCH6x/5Zc7dGtq6OUeQN2j2PrUY3N/ggHA++sNQLbX/KnOXTzDHUqFh04+Utxb5dAyhwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1 (raw value 1481970944 rendered as a float; if read as a Unix epoch it corresponds to 2016-12-17 UTC, but the field's meaning is unconfirmed — do not treat it as a build date)
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/email/
-
user_agent (hard-coded, dated "MSIE 7.0 / Windows NT 6.0" string — a useful network detection signal when combined with the C2 host, port and URI paths above)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
-
watermark (Cobalt Strike license ID embedded in the build; 987654321 is widely reported in leaked or cracked builds, so it should not be relied on for actor attribution on its own)
987654321
Targets
-
-
Target
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
-
Size
11.8MB
-
MD5
7ac31190bf802d29201d85b95a7a979c
-
SHA1
88c4681ad9268570af2fec3fc50d489500504ffa
-
SHA256
c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
-
SHA512
00e2156e4ab85617cae29eb22a02724c08b5848797fb0a6bf9be44a3f25eae901a6a6156097a224aa0b44361bbc70b1fce77d409e5f7abfcec331619f1ddba8f
-
SSDEEP
196608:mW9bTm1k8hkEI/F5D/SFGK1c1W903eV4QRJ993iObM9SEKuLmh6TnW6KJSPG:19bTm28hQfuwW+eGQRT93iOb9cL468Jf
Score: 10/10
Loads dropped DLL (behavioural signature reported for this sample)
-