General
-
Target
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496
-
Size
256KB
-
Sample
240529-j23kksgh26
-
MD5
67780be6a5f86302fff3eee47bce2aae
-
SHA1
5d264d130131501dd1469f0a3f52e8763c46ca3f
-
SHA256
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496
-
SHA512
76ea4816a5321a6fdf68030880b2068b6f629b0f23d6baddc4298b4298b24d491c6cfc6b0ffc9f8169b6d1d60e399de0e9fe8234c8294886a115de1aff3b09b3
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlAw9tQYJ1b/S1PvIB:7c0bPzIpt8ahTw8PHA8itQtQvouE
Behavioral task
behavioral1
Sample
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
426352781
http://192.168.10.128:443/ga.js
-
access_type
512
-
beacon_type
2048
-
host
192.168.10.128,/ga.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc+1/TfK+pFyWkSGTcZyLR/xR4zUHXBw3CkqlZQFLa5cSC+zaU2/4G2JlH9QmLpmHudCdXcjVJzjUuYIxQ4DsdI5t/dDVcEF87J8yvnocaxCRiLlgG1pSebFHf4qGsugQjppp9tzWflS4jxCCvFoW6o9AbgyRQNJ6r7pj/cNyUkQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)
-
watermark
426352781
Targets
-
-
Target
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496
-
Size
256KB
-
MD5
67780be6a5f86302fff3eee47bce2aae
-
SHA1
5d264d130131501dd1469f0a3f52e8763c46ca3f
-
SHA256
402ff38676f14061da0e7f045459612f583998c72072561ff1fe3c4084891496
-
SHA512
76ea4816a5321a6fdf68030880b2068b6f629b0f23d6baddc4298b4298b24d491c6cfc6b0ffc9f8169b6d1d60e399de0e9fe8234c8294886a115de1aff3b09b3
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGlAw9tQYJ1b/S1PvIB:7c0bPzIpt8ahTw8PHA8itQtQvouE
Score 1/10