Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-04-2024 10:36
Static task: static1
Behavioral task: behavioral1
  Sample: 43886ea4e57b421bb15bb26f949ef3b1d9056229357b62babb7fec56f7cd0975.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 43886ea4e57b421bb15bb26f949ef3b1d9056229357b62babb7fec56f7cd0975.exe
  Resource: win10v2004-20240226-en
General
Target: 43886ea4e57b421bb15bb26f949ef3b1d9056229357b62babb7fec56f7cd0975.exe
Size: 281KB
MD5: ba115a0402d7cdd4ac975ef05950b7a6
SHA1: 212d943bc5a1e7938e0a55ca2e75ab6b75ded9a4
SHA256: 43886ea4e57b421bb15bb26f949ef3b1d9056229357b62babb7fec56f7cd0975
SHA512: bb781623470aecb3dbb220c6e372401dffcf3c75d0ebc062e3950a9a4668b564b56e14262eed2e914f04d56dc1c4b194e1bf935be793a654047c3b0faa35c1f2
SSDEEP: 6144:tCnyQ8a/L3BI1UlSziQ2TGNFqRU8tRPDWAH1TP:EDBI1UgzZUeOU8tRP/H9
Malware Config
Extracted
cobaltstrike
426352781
http://https.glogln.com:443/c/msdownload/update/others/2019/12/rEzZEqtK8REx9Dx51mT0
access_type: 512
beacon_type: 2048
host: https.glogln.com,/c/msdownload/update/others/2019/12/rEzZEqtK8REx9Dx51mT0
http_header1:
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAWSG9zdDogaHR0cHMuZ2xvZ2xuLmNvbQAAAAcAAAAAAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAgAAAB1kb3dubG9hZC53aW5kb3dzdXBkYXRlLmNvbS9jLwAAAAYAAAAESG9zdAAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: GET
jitter: 4864
polling_time: 45000
port_number: 443
sc_process32: %windir%\syswow64\powercfg.exe
sc_process64: %windir%\sysnative\powercfg.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChATUBx0EjIPUQPN6N8qArJ4C7dDHoD7D3RYzoSvbscBVIKBFEduWSU22afIg0y2pPG9oHOvnVfRMKagRAcW0IVTr0vRoj2PS8UOFmUYdUJfGUoLAwmv8o2BDuh1+TyQ3s9vz624TIRD9BD7Or0d1AhzFpgHERSAf7ujBzTbG6wwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3: 1.610612736e+09
uri: /c/msdownload/update/others/2019/12/mTrBOLQ1uh25YnQ8zaD58LogM
user_agent: Mozilla/5.0 (X11; Linux x86_64:71.0) Gecko/20100101 Firefox/71.0
watermark: 426352781
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.