General
-
Target
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f
-
Size
523KB
-
Sample
240524-ddvl6saf7t
-
MD5
fed22c27962b828439a4b1fc8aec0214
-
SHA1
6c5e14ee3e53dd3a1fe552b11a564d8e4d063572
-
SHA256
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f
-
SHA512
4dc30b2980c394127bcc00d4fafe6d4faa5dd27404fbe2992beaed0f4ae058056137b7a170e0c86adcca5fc7c369193f39f0dcc305d30196ecdd52f05905570d
-
SSDEEP
6144:6DB3O2FT/JjmbIw2tDcohDUlWdcO43rEhnW5x6HZINlp3WTZsZ1xyysgd0LGhgc:693rTFm69coBkongM6lpGTZayXgm669
Static task
static1
Behavioral task
behavioral1
Sample
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
305419896
http://49.235.206.130:443/FC001/JOHN
-
access_type
512
-
host
49.235.206.130,/FC001/JOHN
-
http_header1
AAAAEAAAABhIb3N0OiBmdWNrdW1hbi5nb29nbGUuY24AAAAKAAAAFkNvbm5lY3Rpb246IEtlZWwtQWxpdmUAAAAHAAAAAAAAAAsAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAAEAAAABdIb3N0OiBmdWNrdW1hbi5nb29sZS5jbgAAAAoAAAAWQ29ubmVjdGlvbjogS2VlbC1BbGl2ZQAAAAcAAAAAAAAACwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
maxdns
255
-
polling_time
1000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/FC002/JOHN-
-
user_agent
Microsoft Internet Explorer
-
watermark
305419896
Targets
-
-
Target
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f
-
Size
523KB
-
MD5
fed22c27962b828439a4b1fc8aec0214
-
SHA1
6c5e14ee3e53dd3a1fe552b11a564d8e4d063572
-
SHA256
0dc53314837e1b23f578426d3ff5f4a659ab8c80cb71fd6983eeb29f9e1d528f
-
SHA512
4dc30b2980c394127bcc00d4fafe6d4faa5dd27404fbe2992beaed0f4ae058056137b7a170e0c86adcca5fc7c369193f39f0dcc305d30196ecdd52f05905570d
-
SSDEEP
6144:6DB3O2FT/JjmbIw2tDcohDUlWdcO43rEhnW5x6HZINlp3WTZsZ1xyysgd0LGhgc:693rTFm69coBkongM6lpGTZayXgm669
Score 10/10