General
-
Target
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f
-
Size
259KB
-
Sample
240520-3bqmwaag73
-
MD5
34d3859107931a4c674430679043f545
-
SHA1
e05cf3ede1667d7a1a58eeaa5a438483bc2d57c7
-
SHA256
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f
-
SHA512
1aa6c4d594c4177f67bca45634e53e61b95caa1ef57ad345e6ecf9129ae393bc20e9027dd80ec99f9f70ee23b6c306c4413fcbf053ba2996cb7b01763d1d9426
-
SSDEEP
3072:chWKHXsrtEaLjmIug/gpvvYdJN5yFxTWzHV5/E3t340ITutmwtlxYJLzeITis9mP:chWBXmIjIpHYdYTW7s3qPTQVxqTizAu
Behavioral task
behavioral1
Sample
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
1725767191
http://cc.improtest.com:443/dev/api/
-
access_type
512
-
beacon_type
2048
-
host
cc.improtest.com,/dev/api/
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\bootcfg.exe
-
sc_process64
%windir%\sysnative\bootcfg.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc1pwDe77wU3sCe+KZrmT+VhQbwLisxxn0C7/qM9JJ8nBOVvIB90xiNplzmXVX4z/Lf6T+smzOaHQTZn86mE1nJhbUkmP4aG4Al+HOkKBcnQvi0vtcM6NggSzYvZ3FvH5oYy0ifIMnn47hI3peMy42foyVTCIgdAl/ATl8BuHu3wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ret/api/
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
1725767191
Targets
-
-
Target
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f
-
Size
259KB
-
MD5
34d3859107931a4c674430679043f545
-
SHA1
e05cf3ede1667d7a1a58eeaa5a438483bc2d57c7
-
SHA256
29bd6558bec40656e743999243b7e16f0acae97a196486c64e47dbf70223824f
-
SHA512
1aa6c4d594c4177f67bca45634e53e61b95caa1ef57ad345e6ecf9129ae393bc20e9027dd80ec99f9f70ee23b6c306c4413fcbf053ba2996cb7b01763d1d9426
-
SSDEEP
3072:chWKHXsrtEaLjmIug/gpvvYdJN5yFxTWzHV5/E3t340ITutmwtlxYJLzeITis9mP:chWBXmIjIpHYdYTW7s3qPTQVxqTizAu
Score 1/10