General
-
Target
Malware-1.zip
-
Size
2.1MB
-
Sample
240514-wjv41agh2s
-
MD5
17c624245f92ac5bfe4aa7b8b0a5fcf3
-
SHA1
5f81a3b2923f923a913144009ddb4440ad01c440
-
SHA256
2c5d003e79e09c518aa19b703b9256a1d99dbae7f78ca06c1525114c5e521793
-
SHA512
81684ecead216eb4e912c1a8898f47c57e1c54ba03c47c10e8f4373ab9fecffd241d1fd6a5a6f736fb210d50bee5c6d1a770c27c2d1850e1daea8398bc365cd1
-
SSDEEP
49152:yf8ADgcm8vNoDZRTBakbtxxL3sdkxW5DS5zsmAoOWbB82+e8p:YDgcm5DTBX7xilS5zs3Wz+e8p
Static task
static1
Behavioral task
behavioral1
Sample
wsus.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
12345
http://zziveastnews.com:443/map.jpgv
-
access_type
512
-
beacon_type
2048
-
host
zziveastnews.com,/map.jpgv
-
http_header1
AAAAEAAAABZIb3N0OiB6eml2ZWFzdG5ld3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0OiBpbWFnZS94LXBuZwAAAAoAAAAYQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAFdXVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABZIb3N0OiB6eml2ZWFzdG5ld3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAALAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
8448
-
polling_time
43
-
port_number
443
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2jAl4/r4IQxEmxC1UNgiW6cGfjQcNftIsoCpl7cFEKmif+MAqsBfttyPBjb9dY86R7EXkT1MhJgR7DmvoTw90pLpSkrQUmhWkqRdN9qBwlflgeL8knPqQ+g00HqsU54iTPWSzM8lCjfDeHdPJrI9C/BZ5iDuSj+8wafkJyWPcPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
7.8457344e+07
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/rapidiously
-
user_agent
Mozilla/5.0 (Linux; Android 11; SM-A715F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
-
watermark
12345
Targets
-
-
Target
wsus.exe
-
Size
3.3MB
-
MD5
b6680e15c4f36e7b75fc6676bc911667
-
SHA1
ac47aa570a47e035fc72e15573521f5ad93433fa
-
SHA256
baa50dbdb108e1769c5b0beff7462ea7deb8fd37782a49f0911619bc51d42105
-
SHA512
b3cedd9502b40014d31c3c47a639dce50fa6132f2c5ef444e2d56eef268d82c39d7251af40f3e3eda9b12fc410bbcc3ba034b6008acb156ff1b02fd4be0b888d
-
SSDEEP
49152:GR9xkSPZ/KeerFSJvQVdXbqYBNr5BC7+wNBVVp5HKEsHd6q5zF51Ol4P/fROAbRU:TFNrTQTVVoHV5zL3MArU2S
Score10/10 -