General
-
Target
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c
-
Size
218KB
-
Sample
240609-d7jrrsdg99
-
MD5
101d7df34f8b27cfdf6dc660fd0d1609
-
SHA1
726e0f71e6741dbcb48a0ab5bf0f82a98b248dce
-
SHA256
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c
-
SHA512
b0d708c4c58cbfb071324a9fbdb0c8f5593dc05d3f073c3dcbef00772d5f38282f9f456819009c2628e330966659ba426612a9b2fff3885fe477374a68c6ff3a
-
SSDEEP
3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUz5Zp/BS:MfsD4ktiD8UI8I66C+6AsXnifujkz
Behavioral task
behavioral1
Sample
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
391144938
http://118.107.4.157:7443/activity
-
access_type
512
-
beacon_type
2048
-
host
118.107.4.157,/activity
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
7443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOsID1/YmuJfDxohsFpJy2FLIt+3K93dU2XwDGhJurhPA3RVL3TyM2VaunPrWvFx1ag3XNV/orgxtpC7ZFz9bUeBZfeBTatHf6NDckuQ6vKXAft5ILV0yxg6vawIvxnoz3xb9FooYpFd4GQ7sAhw+wV5yC7Lsl+F0oen55/vX48QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)
-
watermark
391144938
Targets
-
-
Target
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c
-
Size
218KB
-
MD5
101d7df34f8b27cfdf6dc660fd0d1609
-
SHA1
726e0f71e6741dbcb48a0ab5bf0f82a98b248dce
-
SHA256
54e0793cdade34f290485e001561de6e80a81b7ffc5ff94b0e2b67fdf6e20f9c
-
SHA512
b0d708c4c58cbfb071324a9fbdb0c8f5593dc05d3f073c3dcbef00772d5f38282f9f456819009c2628e330966659ba426612a9b2fff3885fe477374a68c6ff3a
-
SSDEEP
3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUz5Zp/BS:MfsD4ktiD8UI8I66C+6AsXnifujkz
Score 3/10