General
-
Target
105c29188f5ff4d8f1404d16bf089711408dd4e1386874574766e15390146dbb
(Note: this top-level target hash and the 128KB size do not match the 260KB DLL edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0 that both behavioral tasks below actually execute; the top-level object is apparently a different file — possibly a container or parent submission. Confirm which object each hash refers to before pivoting on it.)
-
Size
128KB
-
Sample
240815-r3e5nsxamb
-
MD5
8f64c49e2f503432e758bd3c724894c4
-
SHA1
1316e01adc02695b88c1008c99090b34fd7a4e3d
-
SHA256
105c29188f5ff4d8f1404d16bf089711408dd4e1386874574766e15390146dbb
-
SHA512
971acebf672dba705549ab5202ea038877df73c3db49bacb595feade38df8bc5453bd95238ba359af45e14817e4d04afb49ebb6707143dce8f74a3534730a1c6
-
SSDEEP
3072:hMbfWEDghtBXhMqMKn2gvWETXH1x9eVhOTRpX6cJcdC5rOzRr2wUdjyw+:iTWEDgHLMgnfvlTM8x629srWyV
Behavioral task
behavioral1
Sample
edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike (Beacon configuration recovered from the sample; the fields below are the parsed Beacon config, field names are the extractor's)
100000
http://192.168.56.142:80/cx
(Note: 192.168.56.142 is an RFC 1918 private address — 192.168.56.0/24 is the default VirtualBox host-only range — so this Beacon appears to have been generated against a lab/test team server. The C2 URL is not Internet-routable and should not be treated as a blocklist indicator; the other profile artifacts below are the reusable signals.)
-
access_type
512
-
host
192.168.56.142,/cx
-
http_header1 (malleable C2 client transform for the GET check-in; the base64 embeds the string "Cookie", i.e. Beacon metadata is carried in a Cookie header)
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (client transform for the POST; the base64 embeds "Content-Type: application/octet-stream" and the parameter name "id", consistent with the default Cobalt Strike profile)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (milliseconds — a 60-second sleep between check-ins; no jitter field is shown in this extraction)
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
(These are the spawnto / sacrificial-process targets for post-exploitation jobs, left at the well-known Cobalt Strike default. Detection note: rundll32.exe started with no command-line arguments, or making outbound HTTP, is the classic host-side signal for this configuration.)
-
state_machine (the value is a base64 DER SubjectPublicKeyInfo — the prefix MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ is the standard encoding of a 1024-bit RSA public key — i.e. the team server's public key used to encrypt Beacon session metadata; the "state_machine" label is the extractor's, not a description of the content. The key is a strong pivot for clustering Beacons built on the same team server.)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGf0L/iDIHROom1o1nFBzIn+eawfZKQKNzxBzJMU1SidY6+PUSIJqQfRMtNR32g2x34Ey+S85ElmMkFLfhPqjQlZq2Di4gfo3a8Iw6v8lKGbfSFqmM5xNi1N8J+qQXj/a4ryYzAvLOEIOa+iSg6dBWgjYs9vMdKxWozgwrx5o3eQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php (POST URI; together with the GET path /cx this matches Cobalt Strike's built-in default profile, so expect it to overlap with many unrelated Beacons)
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)
(A static legacy IE 9 / Windows 7 user-agent. On its own it is a weak indicator; combine it with the Cookie-based GET to /cx and the octet-stream POST to /submit.php on a 60-second cadence when writing network detections.)
-
watermark
100000 (this watermark value is widely reported across leaked/cracked Cobalt Strike builds, so it does not attribute the sample to a specific licensed operator)
Targets
-
-
Target
edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0
-
Size
260KB
-
MD5
a75b871279ab169009614ae1bff0ff37
-
SHA1
811e4cbe16961b0ba415ec148040c2f4d47ce22e
-
SHA256
edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0
-
SHA512
bdbd6514457d71ba87f02d00870c4e517a4804c5602c5c50c6da77dc88590a6776e0f92569bf4c88c294315fd31e9a4978d7d1ef1882f6d6db3d00980d6fe8a4
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90axBXtH/:u3d6tevoxBBXh
Score 1/10 — caveat: the low behavioral score most likely reflects that the Beacon's only C2 is a private-range address unreachable from the analysis environment, so little malicious activity was observed at runtime. It is not a benign verdict; the statically extracted Cobalt Strike Beacon configuration above is the decisive finding and should drive triage.