General
-
Target
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba
-
Size
281KB
-
Sample
240802-xemgqszhle
-
MD5
fffbd5e03d4257fbe17f6a280611f2e1
-
SHA1
d5c69a5380775a7ccf4c48460ab131f7b98f1065
-
SHA256
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba
-
SHA512
be78d66960469d7279720a03df438c8452bca22c6f05f19141e143b5469cb72cd4956215949d7e55a3f8f49ffae3f7806c1ba82a023584cc897b8e6ace99f2bf
-
SSDEEP
6144:WCJ/4fOG6mDRmEw88Zd+s0DIUnSxfog8xh8Puu0cKBdl5ZAAD0+mFu:D/4BIEwLksbkSxo1xCPuFceZaa
Static task
static1
Behavioral task
behavioral1
Sample
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
100000000
http://111.230.196.116:5985/jquery-3.7.1.slim.min.js
-
access_type
512
-
host
111.230.196.116,/jquery-3.7.1.slim.min.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
5985
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHnC2YfqAO9tmo6ovIRpdKFhzTe/WdshqumDorPUaFyt8suxn9vCp4oMCVIScqMfIHZwIxFn4RUrQ2bc1d1RLrHWS8vp2t51u0+LIc/36iJP+1tjfcHGKO83yZXPe7Guy8Th446y3gcX2RHDLedc5BQ695XhDloHXkRnSSo3JvwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.03974784e+09
-
unknown2
AAAABAAAAAEAABfdAAAAAgAAASYAAAACAAAmGwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.7.slim.min.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
-
watermark
100000000
Targets
-
-
Target
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba
-
Size
281KB
-
MD5
fffbd5e03d4257fbe17f6a280611f2e1
-
SHA1
d5c69a5380775a7ccf4c48460ab131f7b98f1065
-
SHA256
11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba
-
SHA512
be78d66960469d7279720a03df438c8452bca22c6f05f19141e143b5469cb72cd4956215949d7e55a3f8f49ffae3f7806c1ba82a023584cc897b8e6ace99f2bf
-
SSDEEP
6144:WCJ/4fOG6mDRmEw88Zd+s0DIUnSxfog8xh8Puu0cKBdl5ZAAD0+mFu:D/4BIEwLksbkSxo1xCPuFceZaa
Score 10/10