General
-
Target
2072-13-0x0000000000520000-0x0000000000992000-memory.dmp
-
Size
4.4MB
-
Sample
240725-dhk9asvbrk
-
MD5
f94192b60ce0a9d418a47832f5f7d333
-
SHA1
02c2f5de02bc85f35ab4cb04c7e93bcafed9383f
-
SHA256
57397c28a2795ed74e72eb6a52a29a8998f0c5bcd84f8eb83009f350988746a7
-
SHA512
6791de96c2c24ae0809022bcaab9483b2c3e114e032cf5515acd4fd9e7793de9094eedd5f0dd4c60649c1e6f980774e0dfa11833035d7a73f6a4fe8444ca8b74
-
SSDEEP
3072:jEX+XSzARN6vL4kce1Z5MIrbJ21TjPThZb2fQgEz6i5KNcJ9lbYJRiKK:jEX50e1oIrbaTSI5z6i57JTbi
Malware Config
Extracted
cobaltstrike
100000000
http://ns1.icbc-com-cn.com:53/jquery-3.3.1.min.js
http://ns2.icbc-com-cn.com:53/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
256
-
dns_idle
1.908702538e+09
-
host
ns1.icbc-com-cn.com,/jquery-3.3.1.min.js,ns2.icbc-com-cn.com,/jquery-3.3.1.min.js
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
12000
-
port_number
53
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrTYWiJ/5CMst9xKN4Qp1M/umCsyBwdCK1jZz+GjtvwrwHGXYIO7orYhmjKeuV3RHc06dqlylaJgqr9pelZ123yWcyV4nDO1DUCfJsmGCZeVGhHZ5nopo4URuQd9z6Qq1YraNH86vrdl37BrYYhRGDkZTQXpCUSclajI8qIfBwLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
watermark
100000000