General
-
Target
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe
-
Size
289KB
-
Sample
240724-1txg2asdmb
-
MD5
ff3ddbec055fa3b656aee0927a0bba23
-
SHA1
3d8f7545da1185a203d6f1d77085b912db6d0cfe
-
SHA256
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c
-
SHA512
753196bf9bd3d9f4319e0e4aa9f9bfd37324a9784d42411cc1d8d6e79874136e5f5db067a48621c92135549a599236c6c15ab63ec7e5ac3b4d68a79b4b3bab9f
-
SSDEEP
6144:0hVRFQXVb8wUX2whMU5nTLTke5K7zSOXdsiFetcMNvWieplDqBf5U:UF2YwLdUdLTkeQzSoyiFetcMNvWiepll
Static task
static1
Behavioral task
behavioral1
Sample
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
987654321
http://192.168.132.129:6666/dpixel (C2 is an RFC 1918 private address — almost certainly a lab/test beacon; do not treat this IP as an external network indicator)
-
access_type
512
-
host
192.168.132.129,/dpixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (milliseconds — a 60-second beacon sleep, the Cobalt Strike default)
-
port_number
6666
-
sc_process32 (x86 spawn-to process for post-exploitation jobs)
%windir%\syswow64\rundll32.exe
-
sc_process64 (x64 spawn-to process for post-exploitation jobs; detection opportunity: rundll32.exe launched with no arguments)
%windir%\sysnative\rundll32.exe
-
state_machine (the value is a base64 DER-encoded 1024-bit RSA public key, zero-padded to a fixed width — the team server's public key; together with the watermark it fingerprints the server build and can be used to cluster other beacons from the same operator)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZVCfJVafz3pEt0f4fuSfr9EqQelC1jSBj8KeumJ+LeTrppylUTTCFKikkq4rftPXlYkvlHKhO0ohkpAliXX6LYUTZCeXGrKmbuVqhD5gSV1OU6DKYvw6Y1FqsmWW5jEfVNJ4rEriDt02LudJiyw9HrA8sVUngRB9UKmRI6FV9KQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)
-
watermark
987654321
Targets
-
-
Target
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe
-
Size
289KB
-
MD5
ff3ddbec055fa3b656aee0927a0bba23
-
SHA1
3d8f7545da1185a203d6f1d77085b912db6d0cfe
-
SHA256
d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c
-
SHA512
753196bf9bd3d9f4319e0e4aa9f9bfd37324a9784d42411cc1d8d6e79874136e5f5db067a48621c92135549a599236c6c15ab63ec7e5ac3b4d68a79b4b3bab9f
-
SSDEEP
6144:0hVRFQXVb8wUX2whMU5nTLTke5K7zSOXdsiFetcMNvWieplDqBf5U:UF2YwLdUdLTkeQzSoyiFetcMNvWiepll
Score 10/10