General
-
Target
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299.exe
-
Size
723KB
-
Sample
240726-dl1hdswbrh
-
MD5
9558ed100341ccc230134aa25bd69a65
-
SHA1
5cfa51394e43a1fdc03133ef79b74399642b5130
-
SHA256
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299
-
SHA512
811a9dca957898f1a7d750d00463681f6dc89bffdc00044b184c20f644946facdd4fe3358a45cce28f0e961ebe0cc8d1268816adbfe7d2c85a9545bb43d00cd0
-
SSDEEP
12288:tGHCnaomAEg3uPdkgNASJxRgj68dOXYYSlbZiI6w9IB:tGHCm8uPdJ+SJ7gj9dOI90w9IB
Static task
static1
Behavioral task
behavioral1
Sample
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
100000000
http://ns1.icbc-com-cn.com:53/jquery-3.3.1.min.js
http://ns2.icbc-com-cn.com:53/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
256
-
dns_idle
1.908702538e+09
-
host
ns1.icbc-com-cn.com,/jquery-3.3.1.min.js,ns2.icbc-com-cn.com,/jquery-3.3.1.min.js
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
maxdns
255
-
polling_time
12000
-
port_number
53
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrTYWiJ/5CMst9xKN4Qp1M/umCsyBwdCK1jZz+GjtvwrwHGXYIO7orYhmjKeuV3RHc06dqlylaJgqr9pelZ123yWcyV4nDO1DUCfJsmGCZeVGhHZ5nopo4URuQd9z6Qq1YraNH86vrdl37BrYYhRGDkZTQXpCUSclajI8qIfBwLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
watermark
100000000
Targets
-
-
Target
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299.exe
-
Size
723KB
-
MD5
9558ed100341ccc230134aa25bd69a65
-
SHA1
5cfa51394e43a1fdc03133ef79b74399642b5130
-
SHA256
4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299
-
SHA512
811a9dca957898f1a7d750d00463681f6dc89bffdc00044b184c20f644946facdd4fe3358a45cce28f0e961ebe0cc8d1268816adbfe7d2c85a9545bb43d00cd0
-
SSDEEP
12288:tGHCnaomAEg3uPdkgNASJxRgj68dOXYYSlbZiI6w9IB:tGHCm8uPdJ+SJ7gj9dOI90w9IB
Score 10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (the beacon may only run in, or avoid, certain locales).
-
Executes dropped EXE
-
Loads dropped DLL
-