Analysis

max time kernel: 141s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-04-2024 14:30
Static task: static1

Behavioral task: behavioral1
Sample: 2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
Resource: win10v2004-20240412-en
General

Target: 2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
Size: 281KB
MD5: 742af1224952b098f38d3995c3e7ffde
SHA1: 2c1a08cbb43f1ddd3bd6d3ba10c3272a79c3dbb6
SHA256: 2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3
SHA512: ff1599c19396114fe6b32e3ae9dc33b73d844dec5e39baf59abe059436db3a2220f4fb9c6c71fd65d4dbff83ef911843854f13c5cb57342a203a69551488ee53
SSDEEP: 6144:mC5JbonlqFcS/yC808EwAgQnVyn0kkE06:PhHZ/v5wEnVyn0k
Malware Config

Extracted
cobaltstrike
100000000
http://0.0xo.lat:2083/massaction.html

access_type: 512
beacon_type: 2048
host: 0.0xo.lat,/massaction.html
http_header1: AAAAEAAAAA9Ib3N0OiAwLjB4by5sYXQAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
jitter: 9984
polling_time: 61882
port_number: 2083
sc_process32: %windir%\syswow64\runonce.exe
sc_process64: %windir%\sysnative\runonce.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzsonrmxliSNkZLrIr1jUfT2tvoGJcP2qf+n6vp+e1XiDRxysmU+LwwkZG13AMH8IfOLb6j0rTjZ9aDe0sbY1nV0Pr58cWJ75gBpoIbbzv+1/rpx+Ou3A/EPLL31F0HGSYyW1zXOHw+UCojPsGGed4ePpfkDSxxIrP302ERHjE7wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 5.10860288e+08
unknown2: AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /be
user_agent: Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
watermark: 100000000
Signatures

Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.