Analysis
-
max time kernel
149s
-
max time network
155s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
18-05-2024 11:47
Static task
static1
Behavioral task
behavioral1
Sample
991e4e064c72ac11c520d637ce2d6205a68103af0b77de18b3c753dea71a8d0a.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
991e4e064c72ac11c520d637ce2d6205a68103af0b77de18b3c753dea71a8d0a.exe
Resource
win10v2004-20240508-en
General
-
Target
991e4e064c72ac11c520d637ce2d6205a68103af0b77de18b3c753dea71a8d0a.exe
-
Size
6.4MB
-
MD5
b77d9fb1de01f78eacdee7ca3d769cee
-
SHA1
8448315d2e6390f00ee197d5c2dd7ceea6157d58
-
SHA256
991e4e064c72ac11c520d637ce2d6205a68103af0b77de18b3c753dea71a8d0a
-
SHA512
a1ac403b97b8aa162390b373d9da1d3c4634cde098b2c6f60f49cc981a2f386ec78111d13c31205454664fc2367161cf90c1d71be823374463fc32022855d95a
-
SSDEEP
98304:G3uzpcm8EomzSvkBSkL/cFbyxwMQpD3qrtYMjky:Ouz6m1b1BSkTcZyxwM+D3mtJ
Malware Config
Extracted
cobaltstrike
100000000
http://sx.qaxno1.ml:8443/poll
-
access_type
512
-
beacon_type
2048
-
host
sx.qaxno1.ml,/poll
-
http_header1
AAAACgAAABpYLUN1c3RvbS1QU0s6IFtTT01FX1ZBTFVFXQAAAAcAAAAAAAAADQAAAAgAAAANAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
-
http_method1
GET
-
http_method2
POST
-
polling_time
1000
-
port_number
8443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzEJfhNRDTUWc4OFw6QgWMCgtZpCzf+4+RQGYwL9gNHEC7Oh+6fCB3hnfVWpvxm96OVnB0eWJt6P1aNkZxVZ+u6PuqrBRm+Ad5gbjYgujotq7rM44FsmQaZAp8fORER8oRJjuMN1AxEzkj0VjMXZ8LwkT+0lyLqjjmBsdJBcCWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.102727936e+09
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAACMAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/upload
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
-
watermark
100000000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.