General
-
Target
2395ba2eef84a9ee7851455354f32cbde990f771710a124f1127a69523ba0de4
-
Size
205KB
-
Sample
240410-k3redadb9z
-
MD5
7cae791063f0a702a95205e4d15ef024
-
SHA1
ec845ab286e4824f2a75d19f474338561637dd5f
-
SHA256
2395ba2eef84a9ee7851455354f32cbde990f771710a124f1127a69523ba0de4
-
SHA512
ccd26e1e20b8721b9fe9632f8eeca3a5892733a96235eae123e049276986ebcc9393748beff14664ac480db37e4a03efa9067d643959a9f6120e997bbb68a831
-
SSDEEP
3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUs5Km:0/MEfuN0t8C5oFsoeRM3o0jn
Malware Config
Extracted
cobaltstrike
1580103824
http://179.60.150.53:443/preload
-
access_type
512
-
beacon_type
2048
-
host
179.60.150.53,/preload
-
http_header1
AAAACQAAAAxtYW5pZmVzdD13YWMAAAAQAAAAF0hvc3Q6IG9uZWRyaXZlLmxpdmUuY29tAAAACgAAACZBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94bWw7Ki8qOwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAARFPVA6AAAAAQAAAAk9OlBGek05Y2oAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBvbmVkcml2ZS5saXZlLmNvbQAAAAoAAAAmQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veG1sOyovKjsAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAABAAAADQAAAAIAAAAERT1QOgAAAAEAAAAJPTpQRnpNOWNqAAAABgAAAAZDb29raWUAAAAHAAAAAAAAAA0AAAACAAAAG2h0dHBzOi8vcC5zZngubXMvc2EuaHRtbD9zPQAAAAYAAAAHUmVmZXJlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCguqlzoO+ABLwwGtDvSQqmTTkjYPjGvySCwZv/DLa54ncnEw/ic0jvu4DWvQZszN22WXgiiUoN/h492D1kF0ja9D3IF5ulwAPUDAWhDqk/REdeRxYjgX80n7MjaWFflIw/rhr0jfhTbAstShixIsyK07hCuxIOWdX9xp5PvAqgQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.701656066e+09
-
unknown2
AAAABAAAAAEAAAJ8AAAAAgAABiUAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/sa
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
1580103824
Targets
-
-
Target
2395ba2eef84a9ee7851455354f32cbde990f771710a124f1127a69523ba0de4
-
Size
205KB
-
MD5
7cae791063f0a702a95205e4d15ef024
-
SHA1
ec845ab286e4824f2a75d19f474338561637dd5f
-
SHA256
2395ba2eef84a9ee7851455354f32cbde990f771710a124f1127a69523ba0de4
-
SHA512
ccd26e1e20b8721b9fe9632f8eeca3a5892733a96235eae123e049276986ebcc9393748beff14664ac480db37e4a03efa9067d643959a9f6120e997bbb68a831
-
SSDEEP
3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUs5Km:0/MEfuN0t8C5oFsoeRM3o0jn
Score3/10 -