General
-
Target
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c
-
Size
278KB
-
Sample
240806-2bqr7ssern
-
MD5
fca81afbe0dc10a82e3789a72dce7598
-
SHA1
5abca079ba738cb1c79b406d3d70e48c1cc91f69
-
SHA256
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c
-
SHA512
53042a6f32e92e0bb1594d5dc708a3e0159c879bba3be95e48f97c6253d1d13eca5e620f8612f2fc72b2a24095e376a7a89764dda8401dcd934d4673616e4732
-
SSDEEP
3072:OROdPC9/vTHL5XGX09QN+8NQJ/iX+K2Vn5/YdV0ZxLzfu/ChcW7z3wa6Hfhl+dJP:OROw9DrchuK2V5g0Zcu3o/hl+OV7cb
Static task
static1
Behavioral task
behavioral1
Sample
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
0
http://192.168.0.50:3233/cx
-
access_type
512
-
host
192.168.0.50,/cx
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
3233
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+MZxM/r6ULQYrsOZZd4rUAY1n/vmk75qoXdFonCxJIKDmqfjdJYbv6T2Z1RlcxBIb6n2mFu+XITl2W1BKxSFV8ycEdQw+NqAyrNZzeZervqO38Z+nr80IiBTsNY30ej/Sd3LoPZaqsrNHydYS+Sd7XYTBxj8QGXuYsMYhejOYwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM)
-
watermark
0
Targets
-
-
Target
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c
-
Size
278KB
-
MD5
fca81afbe0dc10a82e3789a72dce7598
-
SHA1
5abca079ba738cb1c79b406d3d70e48c1cc91f69
-
SHA256
6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c
-
SHA512
53042a6f32e92e0bb1594d5dc708a3e0159c879bba3be95e48f97c6253d1d13eca5e620f8612f2fc72b2a24095e376a7a89764dda8401dcd934d4673616e4732
-
SSDEEP
3072:OROdPC9/vTHL5XGX09QN+8NQJ/iX+K2Vn5/YdV0ZxLzfu/ChcW7z3wa6Hfhl+dJP:OROw9DrchuK2V5g0Zcu3o/hl+OV7cb
Score 10/10