General
Target: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
Size: 2.5MB
Sample: 240524-m11ldaee67
MD5: 6bfaa5a65025c9762dbd759cf92272bb
SHA1: 1e738b9ba88d27e5a991691c5a60555f2e4af4cc
SHA256: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
SHA512: f8716ff11bc66c00c7ab472920d1912988c7f846e9e62206198262a243fcda2a0c2cc1542d664e00ff8857d1303a7ba3fb3b15366027ed0b3f62be9e5f9fc351
SSDEEP: 49152:nGkfskurb/ThvO90d7HjmAFd4A64nsfJHJWYSrvauegRRYszTz19+tee2owSdGxz:p3WzOYho7fK
Static task: static1
Behavioral task: behavioral1
  Sample: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: cobaltstrike
  100000000
  http://ns.chinare.cf:53/poll
  access_type: 512
  beacon_type: 256
  dns_idle: 1.920103026e+09
  host: ns.chinare.cf,/poll
  http_method1: GET
  http_method2: POST
  maxdns: 255
  polling_time: 1000
  port_number: 53
  sc_process32: %windir%\syswow64\dllhost.exe
  sc_process64: %windir%\sysnative\dllhost.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzEJfhNRDTUWc4OFw6QgWMCgtZpCzf+4+RQGYwL9gNHEC7Oh+6fCB3hnfVWpvxm96OVnB0eWJt6P1aNkZxVZ+u6PuqrBRm+Ad5gbjYgujotq7rM44FsmQaZAp8fORER8oRJjuMN1AxEzkj0VjMXZ8LwkT+0lyLqjjmBsdJBcCWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 2.102727936e+09
  watermark: 100000000
Targets
Target: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
  Size: 2.5MB
  MD5: 6bfaa5a65025c9762dbd759cf92272bb
  SHA1: 1e738b9ba88d27e5a991691c5a60555f2e4af4cc
  SHA256: 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
  SHA512: f8716ff11bc66c00c7ab472920d1912988c7f846e9e62206198262a243fcda2a0c2cc1542d664e00ff8857d1303a7ba3fb3b15366027ed0b3f62be9e5f9fc351
  SSDEEP: 49152:nGkfskurb/ThvO90d7HjmAFd4A64nsfJHJWYSrvauegRRYszTz19+tee2owSdGxz:p3WzOYho7fK
  Score: 10/10
  Signatures:
    Checks computer location settings: Looks up country code configured in the registry, likely geofence.