General
-
Target
new-简历.zip
-
Size
183KB
-
Sample
240724-k9xjzayclp
-
MD5
bce4b66ee902743747218464a591bfe1
-
SHA1
6436cb1b157dbca99fa4873fb605725dcffc4343
-
SHA256
8350b8ef0417e5b7814c387288b7df8962a13a20d1626efaaf9ceccba1bd0bf1
-
SHA512
d19791c9f3bd48bce02a9fc2748b25754d58976828ce05f65fa1cb5b7b1acde904969020a000119b67501b45148bf50b17019fbf1cdd0cd576d99978a05b61e3
-
SSDEEP
3072:tBErCdVxGft4Yhg7VzgoGVNnDua3bNr6J8v79D7hU8p84SVZfSRpYXhZOOpeb95P:LE4Vxk47Vzgom1PrAQ7FVUruAbYb90S
Static task
static1
Behavioral task
behavioral1
Sample
简历/main.js
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
简历/main.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
简历/pic.png
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
简历/pic.png
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
简历/简历.lnk
Resource
win7-20240705-en
Malware Config
Extracted
cobaltstrike
http://cdn.ipv6ipts.com:2087/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: cdn.ipv6ipts.com Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Extracted
cobaltstrike
100000000
http://cdn.ipv6ipts.com:2087/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
cdn.ipv6ipts.com,/jquery-3.3.1.min.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
2087
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCI5WtxqQdX5dCeyUhn8mtxlpU5Ngvsm3PJBITh24stQL8PMuY/FCQj3X1y+vOZXQwT6sQ60qJYci30GVpHSy6p+/E3plLUAYEdeiwIvIavPLwkp8QBotbY/5Kzzs/yCXtc6S+0DeByu8krVF7NyCt91e5tFQNx6GaDMZFUxnNL8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
100000000
Targets
-
-
Target
简历/main.jpg
-
Size
1KB
-
MD5
275239236ccb783aaa7346fae1b6e929
-
SHA1
f2c0aed2872a3d6b4a815642b12416446718b60d
-
SHA256
cfe82ccf6f301988cf61849d475672644976a642d14fcd8a3633665686cbb7f1
-
SHA512
b1810ca21aa081f6005d2e1f2cf982722ba2cf158c996c69daf4c6f3066cf1188d5f84afeaff315ccacae286e191bd9a191fe69f83a12f4cd7ac7e88e14c6051
-
Checks computer location settings
Looks up the country code configured in the registry; likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
简历/pic.gif
-
Size
200KB
-
MD5
a54071c21b0a21cf41ad9581d9c777da
-
SHA1
bb91de85829a66cbe466c1085b1edcb6e09c3d9c
-
SHA256
3f7366ba8abab9f4c0a4de588cbf1dc47b63f5c60549165c57652a22bb7b844f
-
SHA512
05f7fc1faa1552f4d52f6d6326198618848c4e55e2960bcdec1fec79c977004e092af4bf35ac6a8da3b87b2667bf3727c34c1025ece151ab781521ad476296d7
-
SSDEEP
6144:iovUSG1zgo4jGzr+Q7DDBva2vKP90Cb9W:NvUSno40+MBC2ylppW
Score 3/10 -
-
-
Target
简历/简历.lnk
-
Size
2KB
-
MD5
02bdfa20126332a8f2276f6636d97f39
-
SHA1
8d014e2333bcfed17dfc6a50c54ffc84d4e2155a
-
SHA256
1b767ac81894efefd5def83692106e6b2b63f22378a438f4b923edade16f51ae
-
SHA512
8303a8b1879677370a5960fb57d220ca6c2a1663d22ee81120b78a8e26f2eeb4a3ac669692c9c8d2c84be6ac218d2499f14010c0bd69a711464ebce84953fd63
-
Checks computer location settings
Looks up the country code configured in the registry; likely used as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-