General
-
Target
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f
-
Size
205KB
-
Sample
240520-17tnasaa71
-
MD5
fe8d05f1c284c5ccd01b03f80125cf42
-
SHA1
315be867964174c4e15973a88043cae0df0fecf2
-
SHA256
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f
-
SHA512
de92f5911f649bee284e3bd21208d355e1630076659b212ebe648434a9a453b35f1ea6a3bc9f72f9cb46cc47401b4cb0445de042f1203e007d08883e5edd4573
-
SSDEEP
3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdU45nS:v/MEfuN0t8C5oFsoeRM3o0jI
Behavioral task
behavioral1
Sample
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
426352781
http://101.201.235.65:55443/pixel
-
access_type
512
-
beacon_type
2048
-
host
101.201.235.65,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
55443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHXP+Oy3G8y0r6vqlqqM2QEidzi+BSK5vUZSz/aWbCkPeruCK3u0nO8Yb73ivkKdh6mHj7+2A/6IhNxYZjwnGUtgrLaSTh0GvNyBJlml0qpYSxPVO09WMVLCLyBYeFGUJEzuR48aFWUJiBA1p6TfbAuOPOATwohDMB8aPq3gViSwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)
-
watermark
426352781
Targets
-
-
Target
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f
-
Size
205KB
-
MD5
fe8d05f1c284c5ccd01b03f80125cf42
-
SHA1
315be867964174c4e15973a88043cae0df0fecf2
-
SHA256
b2ebac7bc676bfbd1abfd2bf2b0d5fa00e2132ab8dc9f2c4875f63ba6053788f
-
SHA512
de92f5911f649bee284e3bd21208d355e1630076659b212ebe648434a9a453b35f1ea6a3bc9f72f9cb46cc47401b4cb0445de042f1203e007d08883e5edd4573
-
SSDEEP
3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdU45nS:v/MEfuN0t8C5oFsoeRM3o0jI
Score 3/10