General
-
Target
718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707.zip
-
Size
127KB
-
Sample
240714-hvz1fatbkb
-
MD5
33bc40a835d882c7166d31c4d94f861b
-
SHA1
bb98b31e03e426cb198ae7ab4fb20758b1d4d707
-
SHA256
dbaea3e558db4ca7edd673a15002da8854434f867dddd9367c3d9f663a457ca3
-
SHA512
56f903e9ee00b63eacf792b6a90d639a86daef4ecf50f598cb3fef9eeb20b600ef5c7899decc1e2ef59e87619ebca59ece3ae9c9168696cf1d4c94016aceefd9
-
SSDEEP
3072:cq93JL9UrIZG90zRa/78ZtUVp6jwrWHvsy1hHsQ5XaS:cqtJLTZ+0IYrUCjwrvahH1XV
Behavioral task
behavioral1
Sample
718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
100000000
http://192.168.2.17:80/IE9CompatViewList.xml
-
access_type
512
-
host
192.168.2.17,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLLqQLMuOjGNWQxhv2DvKFx7+E+n9hE42OfHUS8gVCF0fSWmcLSzYD6QlaLWCyqvzTaeWFs6VzfOuli7ejJR3/UNpe4nO5D7oq0ypxIcAnZ0vOjJ5bqRzpYjMxftX+/7DXmsRK3EsViHhG48Gh/DDZ0oC8Sld6CZyXzTIjI1i3iwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
-
watermark
100000000
Targets
-
-
Target
718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707
-
Size
260KB
-
MD5
bbd2e0b0f6acb382511e2da9bf16d1ea
-
SHA1
6dbeac6b0b6c4eb384e4b27acd23671031f7d858
-
SHA256
718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707
-
SHA512
0c8ea31d361e3d9d24bc46601e270aae5ffff6b2672f1dea0e56c0b9d6b7e6bd7978e9d403589e2e14b71bc96d64dace12b16327dc2bb1d6589e162d14967624
-
SSDEEP
3072:ksYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTRY9BQYJerCo8:ksYwjwIGIprBJweGTIDjhOTReQ8H
Score1/10 -