General
-
Target
3cb0d2cff9db85c8e816515ddc380ea73850846317b0bb73ea6145c026276948
-
Size
1.2MB
-
Sample
240410-mhj6nscd82
-
MD5
97fa94e60ccc91dcc6e5ee2848f48415
-
SHA1
76700821e8604b4ff271ff2ec75e89d43a50e6ef
-
SHA256
3cb0d2cff9db85c8e816515ddc380ea73850846317b0bb73ea6145c026276948
-
SHA512
8288b9942532cb6ecf098ba7e60db28fdff623541e8ecf14e693f1526960f050982f9d6e75c0fec9a0fdbb094c71d352a9ea59c028990c81b5aa1594ca3ffce9
-
SSDEEP
24576:7NeFKENMitcR7z8rh4hKlc5TgGMuRxKez:oFKSxcdIrh4es1+
Static task
static1
Behavioral task
behavioral1
Sample
Covid.lnk
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Covid.lnk
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
bin/DeleteDateConnectionPosition.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
bin/DeleteDateConnectionPosition.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1359593325
http://sinitude.com:443/web/chatr.portal
-
access_type
512
-
beacon_type
2048
-
host
sinitude.com,/web/chatr.portal
-
http_header1
AAAACgAAABdDb250ZW50LVR5cGU6IHRleHQvaHRtbAAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACFDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGEAAAAKAAAAF0NhY2hlLUNvbnRyb2w6IG5vLWNhY2hlAAAABwAAAAAAAAALAAAADAAAAAcAAAABAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
7680
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvg7ZMKuOy4b6zWQZu+OPtbyHRJvw2SFM1xPY8rgejFcFyo5c0JZTdjIsn1/P29ZHyiCMAuyxMFk9UWg3sWeZKknb1v6+NFQcMLyYjctXQuOnpEVJ17M2T+iOkUvMoBwBdWaNEPTDbJS8M+NIGXgkYR60ozQfEMWwIICwK89i+wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/web/logon.aspx
-
user_agent
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
-
watermark
1359593325
Targets
-
-
Target
Covid.lnk
-
Size
1KB
-
MD5
da1787c54896a926b4893de19fd2554c
-
SHA1
445c7b77534206636b8e22a9ba57d9d941bb6303
-
SHA256
fdce78f3acfa557414d3f2c6cf95d18bdb8de1f6ffd3585256dfa682a441ac04
-
SHA512
b56f7054127521fde92dcf6987d1d20010377609ff104c364e721c9f650df5f8654a726ef497fcba67d5d89e6bb462021ad5d22996634eeed4df708c9b45487e
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
bin/DeleteDateConnectionPosition.dll
-
Size
597KB
-
MD5
37ea95f7fa8fb51446c18f9f3aa63df3
-
SHA1
246d49892298b850a8854b3bbdbbe516147f6fdd
-
SHA256
6ee1e629494d7b5138386d98bd718b010ee774fe4a4c9d0e069525408bb7b1f7
-
SHA512
3305bc222787e94778829228a488c2e8d5642702defafafa291fa6a218500fae8ef54ae5387c16084e0ebb36a9ee3eca5cd2cb3b94e879651afd521a58ec93c2
-
SSDEEP
12288:/NeFKFt0NM1Ai2rA8G7qC8rCO48C1+JUKlc58AgGMus6zNEhfTReSQD:/NeFKENMitcR7z8rh4hKlc5TgGMuRxKI
Score1/10 -