General
Target: d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9.exe
Size: 361KB
Sample: 240724-1txg2azank
MD5: d1e9e70ecbf4c41cd6c4dc54680e2218
SHA1: 377bec32993d7782bfa5de786aef1b406b9ef357
SHA256: d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9
SHA512: 8de97e6822d933775af51b250f893348315024e4062ccdfe601fb96c99f7c0610d4c63b5d559f00df801af1ee36bfd1dd3771cdc1f091762e21cf948120e4734
SSDEEP: 6144:3NpRP5j0n5TsRdGUZD3Q5UPl3iUcJJJ655ZZoMb8rdvL4s68dTlcEo6IpiWe97TX:3NpRP5jQCRdrD39BcEPxROZ
Static task: static1

Behavioral task: behavioral1
  Sample: d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: cobaltstrike
  http://36.138.209.232:60443/api-gateway/jpaas-jis-coruser-server/front/coruserlogin/usernamepwd-login.jspx
  user_agent:
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: https://zwdtuser.sh.gov.cn/uc/naturalUser/loginNew.do
    Accept-Encoding-V2: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Targets
Target: d705104d68ca0dc480b7f49e1dd079cd95ef64f21f7a45a9b5b367462f8ab6f9.exe
Score: 10/10