General
-
Target
db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b.zip
-
Size
112KB
-
Sample
240730-f7pdcsvbjk
-
MD5
bac798a05e8f53289b101f866d95b940
-
SHA1
8794b5421454b0156ca84cb8b6f7451328950a4e
-
SHA256
fad59f9676a99b1abd3e05e3cd4b20113c71784904527e5cf58daec128978099
-
SHA512
4009b75fb9d632994bf2797b4fe2fa31ded11c9df7f5607d3ced95f21df4b130050a6d197454795360158ade169d68d2ddb87470a2ab8414d817f8cae96fa881
-
SSDEEP
3072:9OpTvad5Z5HAupw9x5xOkaTtmH2un3r9Bs/GkhXTygT1:IFv80B9x5x7aTZ0zGGkVT1
Behavioral task
behavioral1
Sample
db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b.dll
Resource
win10v2004-20240729-en
Malware Config
Extracted
cobaltstrike
305419896
http://104.131.8.20:8080/g.pixel
-
access_type
512
-
host
104.131.8.20,/g.pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
8080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtCn5iCi+YLOzSHzWWGn0CAC/24ExcoUg5jIv7S+rccrM37+W3/gIZ+1T5oX1w/T0g48YrU+loE6CwdwRc1LfvnnQ0UKhbqNJbtlUAwAvNzQBZTVTQ2iSCmCfLtaZCSOCCFlwCTduzHhF6aaSYk9MAbos7dPjIpXe5atK5+K8EzwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)
-
watermark
305419896 (0x12345678)
Targets
-
-
Target
db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b
-
Size
204KB
-
MD5
782e761b494ccbb1ec3f733f185b2fe3
-
SHA1
2cb7cd144d81c7312943c953f25273359cadea1a
-
SHA256
db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b
-
SHA512
22a9b25b903bff7794646fe7574c1777fe9699738e7cffff590c260192126f274e5a56941ac69d02ddd4d85e7b19ba817ac5a0864b17690f7bc358879580da1f
-
SSDEEP
3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUB5gK:FRYkcrY4MCIt07iPlvU0jJ
Score 3/10 - (behavioural score only; the Cobalt Strike beacon configuration extracted above is a separate indicator)