General
-
Target
8956ecfb54f568a8c05dd92f1ae7a47e38078ca970771206f0f5163704e4fe54.zip
-
Size
115KB
-
Sample
240811-xjkhyasgkk
-
MD5
6fa43244891b848b2dc34ebd978fb1e1
-
SHA1
47defc6fb39213ba8cb7c0422fbfd52d71941d13
-
SHA256
89be8d1c1e65a0a565612e69e97a9450e6ab9a0eee3368646b3a2f9b54491ddf
-
SHA512
bb720e5a0ed5f2ff099916dc4cd9c7c72115548f0012b10a4936d17326b84e37428f22ad47971ba0356b3b05013d87c06be3a56bfd50416d82b5457cd94b38f2
-
SSDEEP
3072:vC13C+F+EjqsSJE6qgor/qbs5sfOdlStIx0JWhcT4:6ZCoxjqsQIggqY5sf2lJx0AA4
Behavioral task
behavioral1
Sample
8956ecfb54f568a8c05dd92f1ae7a47e38078ca970771206f0f5163704e4fe54.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8956ecfb54f568a8c05dd92f1ae7a47e38078ca970771206f0f5163704e4fe54.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
100000
http://43.138.20.240:6678/updates
-
access_type
512
-
beacon_type
2048
-
host
43.138.20.240,/updates
-
http_header1
AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADomb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAUEMmd3Y9MTEmZ3I9YmFja29mZiZidj0xLjU1JmRhdGE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
5000
-
port_number
6678
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTGSwPVNWmApVzrpiA363wWGld6lvZyYJmyKz8+CG4j9xUzqalkKyuW6zxFHMpag64MHq2wsjtIJBn+Z3vfLRJBn722VofZZIiB8ymf0dBEiz5dEu4VhWL96L7Zb8Gr/pMnOqv2jccWL1CP2vcsknpddrhYAzh+iWlarn/j5gGSQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/aero2/fly.php/windowsxp/updcheck.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101Firefox/24.0
-
watermark
100000
Targets
-
-
Target
8956ecfb54f568a8c05dd92f1ae7a47e38078ca970771206f0f5163704e4fe54
-
Size
208KB
-
MD5
b8acb07940e6d6779c60eac0364158df
-
SHA1
47ae4fdb09e7ca463433ae73866a896a9a00c629
-
SHA256
8956ecfb54f568a8c05dd92f1ae7a47e38078ca970771206f0f5163704e4fe54
-
SHA512
a6963c06f8d65b5122c6868fb60403e601395a2eb7876d12f646bc62a3a74c2aaad57a496451dd009b85004441eeb9a9b95ec30f0c081c984c807712d486e44b
-
SSDEEP
3072:cI6CqRCt555CffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUzoFY5H:cIkff9D8C6XYRw6MT2DEjE
Score3/10 -