General
-
Target
e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3.zip
-
Size
128KB
-
Sample
240726-pegx9a1aje
-
MD5
a24686b232d5366b994e551e6851193f
-
SHA1
22008261fc538291b779b166539821f32a83557c
-
SHA256
e65b53eadbb32fb06f0cffa784f9f2e7ce646dbeb34603b77520f3c88086ec80
-
SHA512
937d0bb7b63dae42a142473abce56a881b69b895692344a72989a4d940493c836cffc2856bd7e0c5990fd609b47234f740d15aa1220464b7089f03a4cbb478ee
-
SSDEEP
1536:8ffzPwd4ZFjFj5P4K57f6IwwbGQn4cKF2vQOitqMNbDX36KcIFW4PjJiFPYPVEnS:KbwkjFlxOuiG4/Si8s6y02Vwn71ZjK
Behavioral task
behavioral1
Sample
e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
cobaltstrike
100000
http://47.243.165.127:8888/pixel.gif
-
access_type
512
-
host
47.243.165.127,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8888
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhw/moQ0VdyB56chcMLnDtUhv1UVM03XjgzN/oDf0LQsMcu+MMxmZr9HDUiK7XGswd6zX49j/Uu3CBnLBykLhefJFzZlH6ORRDAELHOc9oOsdRwWjxBYcPgGhXp1tNUcJEadPAxRYj7CQKLqdOQ3TZKEYWR7mGQWGrtK5BKlzAzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
-
watermark
100000
Targets
-
-
Target
e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3
-
Size
260KB
-
MD5
8ac2e2c5cbc9743ec0bc681494546c8f
-
SHA1
fd1595e6d8ada9072fca5410e480d42c75e31424
-
SHA256
e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3
-
SHA512
25745165807ae0c23f6095fbe9d7a9567472050862eda6eb1f60f76a9058a54ae16862edcada60c512ab2279c413653f20c4016d022bb13522e90ddfc712d750
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aPBXEH/:u3d6tevoxfBXy
Score 1/10