General
-
Target
3aa6bd2a44a2aa82da275f0633c0ef01d8afb95d95f27b7a37cafd994cf79479
-
Size
389KB
-
Sample
240417-p6sttsgb69
-
MD5
0625ed985d627ef361451c2b39f94020
-
SHA1
6c4a50221094d1a121c635736efce85155979087
-
SHA256
3aa6bd2a44a2aa82da275f0633c0ef01d8afb95d95f27b7a37cafd994cf79479
-
SHA512
ae203f484b2d8938a53f9777f8e2d68ace0d5bcc2359367054fb9b73afadfc3d82c680db5e2d22d2f544a452742ef1e14430317502d8cdc8921e6d71b98a6355
-
SSDEEP
6144:F0SQ+Xz67KOXlC+bRQrJcpIbI1c3eVL1DVtXrQG6VPhF+qQTg09CAL92XEZc:FXQ+j6eqUJ21cuVLVwPCPTg0992XEc
Static task
static1
Behavioral task
behavioral1
Sample
b375e37ee678d8fa056e06cfeccbe1077d517365a46981a811adb637ba5c838c.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b375e37ee678d8fa056e06cfeccbe1077d517365a46981a811adb637ba5c838c.dll
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
206546002
http://thefirstupd.com:443/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
thefirstupd.com,/jquery-3.3.1.min.js
-
http_header1
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
-
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN5UAJbAA83lOuZlkNoqHDAdV1F7OJnqUiF3kD6mwuXzJzVpu9+f4l/QIUotuiQA+vvxdM3q/XGu77WogAe90LRUknEdoD6YnU32G/ts9dbSwG6HySt7cLn5B3FsomLWjBbssH9e31TihCUvZbK6PRzmLW4SBgZigBWLXZgu7+SwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.37154816e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)
-
watermark
206546002
Targets
-
-
Target
b375e37ee678d8fa056e06cfeccbe1077d517365a46981a811adb637ba5c838c.exe
-
Size
757KB
-
MD5
6b500ad29c39f72cd77c150a47df64ea
-
SHA1
d16253151f6e59942e45b105efbc0f2e97984411
-
SHA256
b375e37ee678d8fa056e06cfeccbe1077d517365a46981a811adb637ba5c838c
-
SHA512
51c1b27b083f376d3d7ad9250dc0a58322e183cc23b49f29d30d5dd54216127d4c53a36837bd22b95b6e73b4ce2e3f9385ba0567cb5d9a44a36df9a420fe1374
-
SSDEEP
12288:JTccQYkTOmw29akBlIwJrdNbynC8lfTgjy5c0AsL/UWkr2dFrJDKThRCB3zkU86y:JTccQvw29akHyZpgy207zNRdRJDKTHC6
Score 10/10 -