General
-
Target
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08
-
Size
208KB
-
Sample
240420-xzwwxafg57
-
MD5
842b55772cc5cd42076f352782df375a
-
SHA1
70e8ac0b31150b328b77f067f1a9635c02c406f3
-
SHA256
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08
-
SHA512
db1ff8b465d92432836032ff048bc3ac2aa99c0ced5bf2e4c1e0ae98fe56f90f958c3699c9ebdd4d3418be5acc6e6c7e5ff4efc5b0a19ccba90b64d41ea335d1
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU5Y56:cIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08.dll
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike (Cobalt Strike beacon configuration recovered statically; note the C2 URL below uses the plain `http://` scheme on port 443, so this traffic is cleartext HTTP on a port defenders usually expect to carry TLS — inspect it as HTTP, not as TLS metadata)
100000000
http://123.253.33.28:443/www/handle/doc
-
access_type
512
-
beacon_type
2048
-
host
123.253.33.28,/www/handle/doc
-
http_header1 (malleable-C2 transform program for the GET channel; the decoded blob contains the strings `SESSIONID=` and `Cookie`, i.e. beacon metadata appears to be carried in a `Cookie: SESSIONID=...` request header)
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (malleable-C2 transform program for the POST channel; the decoded blob contains the strings `doc`, `data=` and `%%`, suggesting task output is sent in a `data=` parameter)
AAAABwAAAAAAAAAPAAAACwAAAAUAAAADZG9jAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
3000
-
port_number
443
-
sc_process32 (32-bit sacrificial process path — presumably the spawn-to target for injected post-exploitation jobs; a `rundll32.exe` launched with no arguments from `syswow64` is a useful process-tree detection cue)
%windir%\syswow64\rundll32.exe
-
sc_process64 (64-bit sacrificial process path; `sysnative` resolves to the native `System32` from a 32-bit context, so on the host this is `%windir%\System32\rundll32.exe`)
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJbvhy6JuFGp0tet9pt+2JfeaXJem7fbX7AytEUzJcxqLrdHUARfxRhogj2yZxAQpgckMJfff9qMqYH29Z4Q6UIMV3fFNKCiXns9lq65OUoCiOS/W78GyheSkt0GGrqm3AS8Uqe0KXDP+lpq/bCnc0Gie2RpWOw0l6Zwk2IMb/cwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08 (= 251666432 as an integer; the report renders this field as a float, which loses nothing here but should be converted back before comparing against other extracted configs)
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (second request path; given `http_method2` = POST above, this is likely the POST endpoint, while `/www/handle/doc` from the `host` field serves the GET channel — verify against captured traffic)
/update.php
-
user_agent (hard-coded string claiming IE 7 on Windows NT 5.1 / XP with InfoPath add-ons — a legacy UA that no current host should emit, which makes it a usable network-detection pivot in combination with the host, port and URIs above)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)
-
watermark (licence watermark embedded in the beacon; the value 100000000 is commonly reported for leaked or cracked builds, so treat it as low-confidence for attribution)
100000000
Targets
-
-
Target
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08
-
Size
208KB
-
MD5
842b55772cc5cd42076f352782df375a
-
SHA1
70e8ac0b31150b328b77f067f1a9635c02c406f3
-
SHA256
1999b21f8bc86da7a3e73b75c7558e1344cd01a4c2154023d5b9bf5c443a9c08
-
SHA512
db1ff8b465d92432836032ff048bc3ac2aa99c0ced5bf2e4c1e0ae98fe56f90f958c3699c9ebdd4d3418be5acc6e6c7e5ff4efc5b0a19ccba90b64d41ea335d1
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU5Y56:cIDff9D8C6XYRw6MT2DEj
Score 3/10 (sandbox behavioral score). The low score reflects limited observed runtime behavior in the two tasks, not a benign verdict — the statically extracted Cobalt Strike configuration above is the decisive indicator for this sample.