General
-
Target
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
-
Size
2.7MB
-
Sample
240425-vsrx9sda63
-
MD5
d35032ce43f4e7a4df68847200d27ef5
-
SHA1
59f7c094ce4fd64ba0cd9cbbbf5d6d6a72093c35
-
SHA256
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
-
SHA512
a4a9a694f6daa4a6549fa937c147e17029b824eb1370d8112c4a1b198588fefd7e0b389951c1d66ac5bac818ff9157af9fbbb93096ee197dd043d6eaba609e4e
-
SSDEEP
49152:2cPrfp5UazeHWIECUQxWO0OCXYgiIvNqb11:ZUaze3V
Static task
static1
Behavioral task
behavioral1
Sample
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
391144938
http://8.141.95.164:45382/mht_image/
-
access_type
512
-
beacon_type
2048
-
host
8.141.95.164,/mht_image/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
45382
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEZbzcff9JbW4j2x/g8sxgLnunWbGHmo3zR9JkMt0jK+fjwjaNT/mOzuzkVf/b9ewCmrfrKpQ7VriS/9HHUjqL/v5CIgjJ9PqutAmfSq/EZEeWHGnfn5N+Pn0VFOphJom0jX5slvpnPmCF/tRFs0xgSDKQJPQbH+5JLh4koNstzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mht_email/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)
-
watermark
391144938
Targets
-
-
Target
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
-
Size
2.7MB
-
MD5
d35032ce43f4e7a4df68847200d27ef5
-
SHA1
59f7c094ce4fd64ba0cd9cbbbf5d6d6a72093c35
-
SHA256
77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
-
SHA512
a4a9a694f6daa4a6549fa937c147e17029b824eb1370d8112c4a1b198588fefd7e0b389951c1d66ac5bac818ff9157af9fbbb93096ee197dd043d6eaba609e4e
-
SSDEEP
49152:2cPrfp5UazeHWIECUQxWO0OCXYgiIvNqb11:ZUaze3V
Score
10/10
-