General
-
Target
20x.rar
-
Size
773KB
-
Sample
240528-ps7e3aeg65
-
MD5
7c9d9ec230a4300c197b02e8aa3e8e77
-
SHA1
1438dc76c5c1535854a83fbe7822e3679af2e9dc
-
SHA256
04e44918f2cdd2b07000e1551296ae3e345cfa3eb34d682646920aeab257b85c
-
SHA512
0c701bb0072100527b58bdbda886d2c177eeee4b5e952fa2d8b94c7bd3ee5ed7694807df2678a1da2fc764d7a7d2fbb8d9c416cf4068fa9c44d378e0ab37de36
-
SSDEEP
24576:6zaN8slx+OFeAiJspjBKk0hoyQoOkmhCK:6aSslihJsZyQoJcCK
Static task
static1
Behavioral task
behavioral1
Sample
PNGsteaIth.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
PNGsteaIth.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
Program.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Program.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
关于海南移动被上级领导单位通报考核的通知-20240523.scr.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
关于海南移动被上级领导单位通报考核的通知-20240523.scr.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
名单册-终端o.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
名单册-终端o.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
windows/download_exec
http://47.120.69.175:32512/SZMb
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
Extracted
cobaltstrike
100000
http://23.105.197.219:4433/match
-
access_type
512
-
beacon_type
2048
-
host
23.105.197.219,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
4433
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
PNGsteaIth.exe.vir
-
Size
28KB
-
MD5
f2a72b1be4c0ec0571aa3ae048379b93
-
SHA1
a520cb9fa0d5795e5b394de81ba537fdf03a85a3
-
SHA256
a7a003c0a3786ff0a042da131713b2f50c9ed894c558706bd9e9dc197dc66d4f
-
SHA512
eb9db99c02f93cb5d955ceffcaef008e64739a71740e7bc8673502dd4a673944a793a81582aad824f638fb6b4c64c8b72e28042cad857f044fbb6cdc9d47c454
-
SSDEEP
768:GAQxZKyl69VBM1DJX6POODrO3kdW8I60Z/:+xIaZqDDrO3kYi
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
-
-
Target
Program.exe.vir
-
Size
978KB
-
MD5
ccf31a95b6f4f958bf174b9d39a34e52
-
SHA1
3f512bec1767f64058ef55d4a8359bf4b6203280
-
SHA256
d14fd5db4480db20843fca7efcc90da802cd7d08f46c1921bc0c68498dc997bb
-
SHA512
1ae6735c853b07df09c9ca389926bfaa052efea52229b3fb144a45cfed49467a76b178d745bc4bdc17a43a04a99a69847c3d78e9f2424e25bf8f515045f27f4e
-
SSDEEP
12288:UHWCr2e29sZfx5IP4uZHlcGVEL1AsHxPqNxstu/z53A5Dj2d:L3+bIAMYA6Ystur5uDw
Score1/10 -
-
-
Target
关于海南移动被上级领导单位通报考核的通知-20240523.scr.vir
-
Size
128KB
-
MD5
2c32edc44b3e88dd076abc0b43417ed5
-
SHA1
3536935a5d6176a8eae69218aa273c4ac927342f
-
SHA256
50b7edcdf4d7f17518930db967e6039ad1e5827939e606fe73eb3196ecf78a68
-
SHA512
39a3f0d6a91acfe0d10601fcbf83b15155bebd9bb9e18ec5a55bb7588c6fbef7cae824b1e9887b9c0d629c026e34f1e957cf0cad666e5ef3ecf7e36cc2729905
-
SSDEEP
3072:hjshFUKKA8foBVaM8SKfbzxcwg7es6/Vsb8VKTulOxRtP0A:C+KGgBdUhcX7elbKTul6eA
Score10/10 -
-
-
Target
名单册-终端o.exe.vir
-
Size
878KB
-
MD5
62742870a22f597230c561f4c1339bf2
-
SHA1
b361a8441474b7f58c84a625bc500c1637da0d4f
-
SHA256
bc61632be930cc0d4037e10617ef1c86c7c0da630a362566cd960507a5251877
-
SHA512
8ed1eec393bbdf5fe4652cee80361714c5a70af1434e95ff7d7a0584d7ea93389e7b99146af1a878c34d4f7a24232ce73f282596b0fbb31ade6dc253638c4c69
-
SSDEEP
12288:x8ov/AoJiq/2Erig84ptXj6Zh/yeYOcUekIANrxSXwfBF0EAxkpkk/:a+l2kiiptz/eYOcCEXwfBF0
Score1/10 -