General
-
Target
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace
-
Size
259KB
-
Sample
240609-mlfbwshd6v
-
MD5
23bf409c5d1f3d60ab03eb62a2f9f330
-
SHA1
3cc7a21c8f2ee8e185015c42ffa60291cdce4e3d
-
SHA256
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace
-
SHA512
7e46c4506969b070b7a72116ddef4a588910a4fb54a3c614631536b30da3ef332c65743b8e07e927e18a0ffc66d7cc3dd122203109699dd9cca871c3016e798c
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90a+BXVH/:u3d6tevoxuBX5
Behavioral task
behavioral1
Sample
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
cobaltstrike
100000
http://microsoftsoftwave.com:8443/ca
-
access_type
512
-
beacon_type
2048
-
host
microsoftsoftwave.com,/ca
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTsCJfEOJJUvdtQ0u8mvgln9jpPx2ugKWgd/xoT4+YvrUGP7Sg9H2c+2Q6BgYjvvM/5UGxFaPe5sMaXHH9MYKEjLDxoxnmVEF9c6XX9GmlHwClD9uXT5mcfOMF1QyEqJ8c1n5ja/MNJKA3i5yrsUJkzlpIcNsuwU33CNZasQ5k1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)
-
watermark
100000
Targets
Target
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace
-
Size
259KB
-
MD5
23bf409c5d1f3d60ab03eb62a2f9f330
-
SHA1
3cc7a21c8f2ee8e185015c42ffa60291cdce4e3d
-
SHA256
0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace
-
SHA512
7e46c4506969b070b7a72116ddef4a588910a4fb54a3c614631536b30da3ef332c65743b8e07e927e18a0ffc66d7cc3dd122203109699dd9cca871c3016e798c
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90a+BXVH/:u3d6tevoxuBX5
Score 1/10