General
-
Target
06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542
-
Size
1.1MB
-
Sample
240522-y9fs4sfd5s
-
MD5
f927cd4f40c7a6dad769a8f9af771a8c
-
SHA1
0fdfef7c9cc4305df81b006e898e1592aa822437
-
SHA256
06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542
-
SHA512
17cd03e8e2081fe36e2523fb6b0f35d9b3242713a79361862bebb5456a87c7adaf5b871590b92e3c720b44dd3c47a75b1822efbee91753233196d44dfa383796
-
SSDEEP
12288:Dd5glpcdxLyFiGEajesmR2K3WhCg57y5pKFCsB8ifspogP/5+vsxghdmy/sGS0dO:Ddu6TQSh2KxA7y69s8vBhdmy/sGKt
Static task
static1
Behavioral task
behavioral1
Sample
06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542.exe
Resource
win10-20240404-en
Malware Config
Extracted
cobaltstrike
0
http://msc-mvc-updates.com:80/_/scs/mail-static/_/js/
-
access_type
512
-
host
msc-mvc-updates.com,/_/scs/mail-static/_/js/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnOM3nXx+7HBhkbDd+AwFrFisSunK999w2tM0uTpuuEiBalcJhcL+QgQWtf6S7zPp5hjImG+2YcPl18geU4f5JlSPXHwilbK4DFb/ePWyKFjhrA7emVRqhM21QMlo1ANsn14rY/RO2pzuft8P7TXoIjjI/B2GGVuzYNZX6X4I2EwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.37071616e+08
-
unknown2
AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mail/u/0/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
-
watermark
0
Targets
-
-
Target
06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542
-
Size
1.1MB
-
MD5
f927cd4f40c7a6dad769a8f9af771a8c
-
SHA1
0fdfef7c9cc4305df81b006e898e1592aa822437
-
SHA256
06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542
-
SHA512
17cd03e8e2081fe36e2523fb6b0f35d9b3242713a79361862bebb5456a87c7adaf5b871590b92e3c720b44dd3c47a75b1822efbee91753233196d44dfa383796
-
SSDEEP
12288:Dd5glpcdxLyFiGEajesmR2K3WhCg57y5pKFCsB8ifspogP/5+vsxghdmy/sGS0dO:Ddu6TQSh2KxA7y69s8vBhdmy/sGKt
Score 10/10
-
This rule detects Cobalt Strike beacons.
-