General
-
Target
e69ae2c2fbb29be43bbd107fd6bdceebe9584c5d103d555ea3b618c3aebb9048
-
Size
166KB
-
Sample
240417-rt9mxsca57
-
MD5
c319a302b51c63b8662ec4a9a3420ca8
-
SHA1
a125f70f3ea0bc36c8205247140c5df1145369a3
-
SHA256
e69ae2c2fbb29be43bbd107fd6bdceebe9584c5d103d555ea3b618c3aebb9048
-
SHA512
6ffe20be1c0cb39f7064e44252b5335fefcc573a01d68206a09e85dfe654d7c7e1c6d35d6cd9222890193e327a3d2b9932d8902de70b4d805cb68a7b4fc4f9d6
-
SSDEEP
3072:mJcTlJdOL3stHDHuEnw0P+WWDsVI7sB0EpKuT38YXn4eIjeyV+iucg:vBJq8NHu4wkvW4znk+3/3oucg
Static task
static1
Behavioral task
behavioral1
Sample
2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
100000000
http://0.0xo.lat:2083/massaction.html
-
access_type
512
-
beacon_type
2048
-
host
0.0xo.lat,/massaction.html
-
http_header1
AAAAEAAAAA9Ib3N0OiAwLjB4by5sYXQAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
61882
-
port_number
2083
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzsonrmxliSNkZLrIr1jUfT2tvoGJcP2qf+n6vp+e1XiDRxysmU+LwwkZG13AMH8IfOLb6j0rTjZ9aDe0sbY1nV0Pr58cWJ75gBpoIbbzv+1/rpx+Ou3A/EPLL31F0HGSYyW1zXOHw+UCojPsGGed4ePpfkDSxxIrP302ERHjE7wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.10860288e+08
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/be
-
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
-
watermark
100000000
Targets
-
-
Target
2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
-
Size
281KB
-
MD5
742af1224952b098f38d3995c3e7ffde
-
SHA1
2c1a08cbb43f1ddd3bd6d3ba10c3272a79c3dbb6
-
SHA256
2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3
-
SHA512
ff1599c19396114fe6b32e3ae9dc33b73d844dec5e39baf59abe059436db3a2220f4fb9c6c71fd65d4dbff83ef911843854f13c5cb57342a203a69551488ee53
-
SSDEEP
6144:mC5JbonlqFcS/yC808EwAgQnVyn0kkE06:PhHZ/v5wEnVyn0k
Score 10/10