General
-
Target
4520-0-0x000002514D570000-0x000002514D5B1000-memory.dmp
-
Size
260KB
-
Sample
240518-bdtc1acd49
-
MD5
a9b718b2e032c6d2acf7813b2aea0434
-
SHA1
9fb5c182acb92badefa1c1d07690cccc60afa280
-
SHA256
d2d7b42ce9e82ee2019ee4f4fa28a0b1ac2b712b21470ccf7b42229767b1d140
-
SHA512
93935d21595822a7058076fb9e465705058b4203e1205349ff7eae9b3649b47a9819d9e995fd68b9a6df7620d7ac4b13dd852a16ddc002a6ec4fa28f88f58e33
-
SSDEEP
6144:fJqKG5d1IpMyibgkTZI6jHID90aCErBXsH/:f6d6tevoxSErBXq
Behavioral task
behavioral1
Sample
4520-0-0x000002514D570000-0x000002514D5B1000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4520-0-0x000002514D570000-0x000002514D5B1000-memory.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
100000000
http://service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn:443/api/x
-
access_type
512
-
beacon_type
2048
-
host
service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn,/api/x
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
1000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTN3bT8NJ0fEKrdSBxYZaEUo+LHW1kw2GMEUQ57BVhsz9BfFMtncyRie6VuHQXiJjB+Qo380pgukMIHbJdnl/ctsiMNQetoFzFjNZomiRgBQK6ne30XZVdi8h5AAeq4bHdhV+SjcvmVZQXT5bqaHeZOxH9iB9CQiR0RuuZZS6I8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/y
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
-
watermark
100000000
Targets
-
-
Target
4520-0-0x000002514D570000-0x000002514D5B1000-memory.dmp
-
Size
260KB
-
MD5
a9b718b2e032c6d2acf7813b2aea0434
-
SHA1
9fb5c182acb92badefa1c1d07690cccc60afa280
-
SHA256
d2d7b42ce9e82ee2019ee4f4fa28a0b1ac2b712b21470ccf7b42229767b1d140
-
SHA512
93935d21595822a7058076fb9e465705058b4203e1205349ff7eae9b3649b47a9819d9e995fd68b9a6df7620d7ac4b13dd852a16ddc002a6ec4fa28f88f58e33
-
SSDEEP
6144:fJqKG5d1IpMyibgkTZI6jHID90aCErBXsH/:f6d6tevoxSErBXq
Score 1/10