General
-
Target
64.exe
-
Size
281KB
-
Sample
240425-3pzspsgc56
-
MD5
199c282d17616627bff569743ec477e8
-
SHA1
2b7efa7f482b0d20593a7efe851eac21e4c352db
-
SHA256
3cfa64cab0a5bd554c90a0b38043e88e1cc8ffda6f33b590660612c78aab35c8
-
SHA512
368313ddd1dee3cd78f39aa26bcbb1e8e9e71efeea429289d7bbd10b92fd7109d893a9194679728f67e839a905f706ab78dd4e6a567bba117fe29d7301da0653
-
SSDEEP
6144:6ClNPt6vPLfCE1aXtkMx3zY8YaEIOSV+hfPxWxzDcbo+SE:Pn67fc3zqVpPYxzDcbo+
Static task
static1
Behavioral task
behavioral1
Sample
64.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
64.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
100000
http://118.89.80.111:2211/updates
-
access_type
512
-
host
118.89.80.111,/updates
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAClBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5000
-
port_number
2211
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvAHQoUWtBEt4DYUsXllmXe03JefRmQGnbjonT8WGFIUMOpr6H63zpDkOYTbG/Hk/Kii2n7TiCMam1Fa2Eg0O3QAK3oqaAAkdTVu1kIw6K65NmReeq1f/GN0EX2bcu0S/Q+2Ir7kCyY4Ditt8sZ8moTKNN2ar0MRhfCMQeSH7v8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/aero2/fly.php /windowsxp/updcheck.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
100000
Targets
-
-
Target
64.exe
-
Size
281KB
-
MD5
199c282d17616627bff569743ec477e8
-
SHA1
2b7efa7f482b0d20593a7efe851eac21e4c352db
-
SHA256
3cfa64cab0a5bd554c90a0b38043e88e1cc8ffda6f33b590660612c78aab35c8
-
SHA512
368313ddd1dee3cd78f39aa26bcbb1e8e9e71efeea429289d7bbd10b92fd7109d893a9194679728f67e839a905f706ab78dd4e6a567bba117fe29d7301da0653
-
SSDEEP
6144:6ClNPt6vPLfCE1aXtkMx3zY8YaEIOSV+hfPxWxzDcbo+SE:Pn67fc3zqVpPYxzDcbo+
Score10/10 -