General
-
Target
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275
-
Size
289KB
-
Sample
240625-fd79davbkr
-
MD5
dbc1b35b7dd116f6969c44bcf689c0be
-
SHA1
84ddcc1b4e945422d01000ae06a7f94d65276b24
-
SHA256
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275
-
SHA512
2e2eb5fabf534ba60c85d19d12ddafa8c9dd26180be6803f95481f0dd5b0e223ad56cdeda6f6fd6456b34819acb6be37448e559566dbef0045427d8f071ad67a
-
SSDEEP
6144:+qoWMMtCfAKntCLh7ii0H6/McUTLdH10ze1SEL8CpAy:+q3MMKAKnwLhoHF31T1a
Static task
static1
Behavioral task
behavioral1
Sample
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
391144938
http://192.168.13.160:80/en_US/all.js
-
access_type
512
-
host
192.168.13.160,/en_US/all.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpxzBVtPPIsLjB/qH1AQrz0V3w6SLYoTPUAFiPphq2hUfJFYFreGIfC3vN8wEBgcsIGF0R1SgzWPSsufDXLETcqaiXIts8/CD7NYOnMVYKOqV/dOpbjuaf2Dqbzo+V8g5d6IVllRoMOACZcwsBngeyLI/pto7Ch2rUdEWzLER43QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)
-
watermark
391144938
Targets
-
-
Target
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275
-
Size
289KB
-
MD5
dbc1b35b7dd116f6969c44bcf689c0be
-
SHA1
84ddcc1b4e945422d01000ae06a7f94d65276b24
-
SHA256
e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275
-
SHA512
2e2eb5fabf534ba60c85d19d12ddafa8c9dd26180be6803f95481f0dd5b0e223ad56cdeda6f6fd6456b34819acb6be37448e559566dbef0045427d8f071ad67a
-
SSDEEP
6144:+qoWMMtCfAKntCLh7ii0H6/McUTLdH10ze1SEL8CpAy:+q3MMKAKnwLhoHF31T1a
Score 10/10