General
Target
beacon.exe
Size
278KB
Sample
240710-st7c8svglj
MD5
e567a74fdf409b182b308c33c0a1beb5
SHA1
50b23518b015164e0456dfe0d700c4836ba62f69
SHA256
5e38ffc9ba6827e2a81421f5f92cb8fd954d038be6338657a711a6fcb26fd591
SHA512
3500dadb757a286f8b10bd66e9cdb6f4b766aa38766b46ec07c42ac952452cdce9022c964569adb3964df0832bdbbdea01f2ee9c4662e6c8e7beebd4bf587042
SSDEEP
6144:pRpRzW4pom6loWCxcdxyGiHazSmUSo+KT:pTI4qmeFxypHaOdT
Static task
static1
Behavioral task
behavioral1
Sample
beacon.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
beacon.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
100000000
http://118.195.149.144:34443/ptj
access_type
512
beacon_type
2048
host
118.195.149.144,/ptj
http_header1
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
http_header2
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
http_method1
GET
http_method2
POST
jitter
5120
polling_time
3000
port_number
34443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCL6TwBssquJ2T1RLKdozZUMdHUG8hYXPCrhDbynLqRy2a/ImO99g2pkMP1jX8v3ehv24p4gYn3DEdXSXNWgGrdea//ECVk38mo2T/y37krzCwLrqM/inCCOY9srYXqIjAqgLBuHLu5EayT5I5I2gAyefQJY+xhAPu+qaHMbrX0VQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
watermark
100000000
Targets
Target
beacon.exe
Size
278KB
MD5
e567a74fdf409b182b308c33c0a1beb5
SHA1
50b23518b015164e0456dfe0d700c4836ba62f69
SHA256
5e38ffc9ba6827e2a81421f5f92cb8fd954d038be6338657a711a6fcb26fd591
SHA512
3500dadb757a286f8b10bd66e9cdb6f4b766aa38766b46ec07c42ac952452cdce9022c964569adb3964df0832bdbbdea01f2ee9c4662e6c8e7beebd4bf587042
SSDEEP
6144:pRpRzW4pom6loWCxcdxyGiHazSmUSo+KT:pTI4qmeFxypHaOdT
Score 10/10