General
-
Target
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081
-
Size
10.3MB
-
Sample
240823-jta6csvfjl
-
MD5
c37d97d604d7fdcc4c42a084cd9b53c2
-
SHA1
0a913a90f8a05c2410f5eea55d3527de886409e6
-
SHA256
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081
-
SHA512
44938120cd8ac259ee7ee9e7522571fd0999531b5acf928b0d1159f9e84a68fb570d641b1a350e5fc06da97a95bb12164473c65ac6618e22ae43e6c3309ed62e
-
SSDEEP
196608:11pD561IIB0/zRw2pdxfmPXuWDkUzIpHQ2qB7cL:n18ej/zKodxfmvlPBy
Static task
static1
Behavioral task
behavioral1
Sample
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
100000
http://172.16.90.207:443/www/handle/doc
-
access_type
512
-
beacon_type
2048
-
host
172.16.90.207,/www/handle/doc
-
http_header1
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAABwAAAAAAAAAPAAAACwAAAAUAAAADZG9jAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
1
-
port_number
443
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQbuEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/IMXo
-
user_agent
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
-
watermark
100000
Targets
-
-
Target
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081
-
Size
10.3MB
-
MD5
c37d97d604d7fdcc4c42a084cd9b53c2
-
SHA1
0a913a90f8a05c2410f5eea55d3527de886409e6
-
SHA256
8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081
-
SHA512
44938120cd8ac259ee7ee9e7522571fd0999531b5acf928b0d1159f9e84a68fb570d641b1a350e5fc06da97a95bb12164473c65ac6618e22ae43e6c3309ed62e
-
SSDEEP
196608:11pD561IIB0/zRw2pdxfmPXuWDkUzIpHQ2qB7cL:n18ej/zKodxfmvlPBy
Score 10/10
Executes dropped EXE
-
Loads dropped DLL
-