General
-
Target
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
-
Size
1.3MB
-
Sample
240425-pfngesaf66
-
MD5
c20f533663149bbc6445f384bfdb1a20
-
SHA1
4bbeefdf52cb04cc62cd92b46a64c8bb090ffe74
-
SHA256
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
-
SHA512
ac73805099f7942a505107333577d85a4aabaa6aefac47c6da8446ce65eaac07c6d142863b0ba4b627d87f7b15b5b6773bda92103bbfdb4b8124e8e7fbd7ba66
-
SSDEEP
24576:KiGSMfHvYbpnuWcwGKx0X479B675fcGS:HG9vwbpBlPD6
Static task
static1
Behavioral task
behavioral1
Sample
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000000
http://8.217.5.38:443/zh (as extracted: plain http:// scheme on port 443 — confirm the transport against the beacon_type value before building a TLS-only detection)
-
access_type
512
-
beacon_type
2048
-
host
8.217.5.38,/zh
-
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACAAAAAMAAAACAAAADHJlZ19mYl9nYXRlPQAAAAYAAAAGQ29va2llAAAACQAAAAp0ZXJtcz10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAALAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
63852
-
port_number
443
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDadoQooa0CO6geLdEGnbpHguDksL7zTPcvykfGu8/EW5atnWVj++UR7liQaNXADaCHy00Z9q+gNJ/gvxK3f3aqGWlTW3KjD6FdsgFGS4xVSmv4Gl3nnec7tbhRkAtYkFY0Op29GSuwa3npmNO4z9oqizsBN88YbFUyqhEXTn4FQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.1158912e+08 (integer field rendered in floating-point notation, ≈611589120; the exact value may have been rounded by the report renderer — re-extract from the sample before using it as an indicator)
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/temp
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 (an Android WebView User-Agent sent from a Windows host is a useful network-detection pivot alongside the C2 address)
-
watermark
100000000
Targets
-
-
Target
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
-
Size
1.3MB
-
MD5
c20f533663149bbc6445f384bfdb1a20
-
SHA1
4bbeefdf52cb04cc62cd92b46a64c8bb090ffe74
-
SHA256
0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
-
SHA512
ac73805099f7942a505107333577d85a4aabaa6aefac47c6da8446ce65eaac07c6d142863b0ba4b627d87f7b15b5b6773bda92103bbfdb4b8124e8e7fbd7ba66
-
SSDEEP
24576:KiGSMfHvYbpnuWcwGKx0X479B675fcGS:HG9vwbpBlPD6
Score 10/10