General
-
Target
a1c679999b4967a925867fdf5b1da3081d921bc6eda3628ebdcd24f0d8895c33
-
Size
256KB
-
Sample
240427-y2yzqaga2y
-
MD5
2f2735da4ed6014185a7a43f6486e8c9
-
SHA1
d9e3405b444cecc25f141b3a12deeb4cb7c582c2
-
SHA256
a1c679999b4967a925867fdf5b1da3081d921bc6eda3628ebdcd24f0d8895c33
-
SHA512
83b0dc96a21d9687b2585145db042df0d371432d555f40cae1311da438333e0731c4c581496ff0fb22928d607747953d2ed6e037f8eed8bfc8ac5f029ee7cfb9
-
SSDEEP
3072:qc0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlOXQS9tQYJ1b/S1Pl:qc0bPzIpt8ahTw8PHA8itQuQvzuE
Malware Config
Extracted
cobaltstrike
1580103824
http://88.214.27.80:4443/preload
-
access_type
512
-
beacon_type
2048
-
host
88.214.27.80,/preload
-
http_header1
AAAACQAAAAxtYW5pZmVzdD13YWMAAAAQAAAAF0hvc3Q6IG9uZWRyaXZlLmxpdmUuY29tAAAACgAAACZBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94bWw7Ki8qOwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAARFPVA6AAAAAQAAAAk9OlBGek05Y2oAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABdIb3N0OiBvbmVkcml2ZS5saXZlLmNvbQAAAAoAAAAmQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veG1sOyovKjsAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAABAAAADQAAAAIAAAAERT1QOgAAAAEAAAAJPTpQRnpNOWNqAAAABgAAAAZDb29raWUAAAAHAAAAAAAAAA0AAAACAAAAG2h0dHBzOi8vcC5zZngubXMvc2EuaHRtbD9zPQAAAAYAAAAHUmVmZXJlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
5120
-
polling_time
60000
-
port_number
4443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnOM3nXx+7HBhkbDd+AwFrFisSunK999w2tM0uTpuuEiBalcJhcL+QgQWtf6S7zPp5hjImG+2YcPl18geU4f5JlSPXHwilbK4DFb/ePWyKFjhrA7emVRqhM21QMlo1ANsn14rY/RO2pzuft8P7TXoIjjI/B2GGVuzYNZX6X4I2EwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.701664256e+09
-
unknown2
AAAABAAAAAEAAAJ8AAAAAgAABiUAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/sa
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
1580103824
Targets
-
-
Target
a1c679999b4967a925867fdf5b1da3081d921bc6eda3628ebdcd24f0d8895c33
-
Size
256KB
-
MD5
2f2735da4ed6014185a7a43f6486e8c9
-
SHA1
d9e3405b444cecc25f141b3a12deeb4cb7c582c2
-
SHA256
a1c679999b4967a925867fdf5b1da3081d921bc6eda3628ebdcd24f0d8895c33
-
SHA512
83b0dc96a21d9687b2585145db042df0d371432d555f40cae1311da438333e0731c4c581496ff0fb22928d607747953d2ed6e037f8eed8bfc8ac5f029ee7cfb9
-
SSDEEP
3072:qc0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlOXQS9tQYJ1b/S1Pl:qc0bPzIpt8ahTw8PHA8itQuQvzuE
Score1/10 -