General
-
Target (submitted archive; the DLL it contains is listed under Targets below)
e2e9b1091ae8bcfb64c48eb5c5738f79e9a939341423d635f051bcf7fa7d7ed7.zip
-
Size
112KB
-
Sample
240826-qpfnlswbqb
-
MD5
664e59ac9842f2cac131035f714f5b49
-
SHA1
2e687cc0067c525b55b71eeeeb4ffaf08484b123
-
SHA256
390798f2203c4ff0b5482b417e5c5fcbffa7707d936f2070554b344220bdaef4
-
SHA512
5c6653107fdf1709812cebeaf4bb0bdf1d530a52ba8a2931a1310f454065f0a5cd6b565e6a68aacd7f01f3020802007276e9b1229d45382176f898577c65bad7
-
SSDEEP
3072:JoSvUBer86vL8LtLTk6Sa+q5Qqg+TiOp2hZq16s/YkTat:OSvUE+hwblqdyhg1HgkI
Behavioral task
behavioral1
Sample
e2e9b1091ae8bcfb64c48eb5c5738f79e9a939341423d635f051bcf7fa7d7ed7.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e2e9b1091ae8bcfb64c48eb5c5738f79e9a939341423d635f051bcf7fa7d7ed7.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike (family)
100000 (watermark; this value is commonly reported in cracked/leaked Cobalt Strike builds, so it does not by itself identify a licensed operator)
http://35.77.89.242:8080/fwlink (C2 URL: host, port and GET URI)
-
access_type
512
-
host
35.77.89.242,/fwlink (C2 host and the URI used for GET check-ins; the POST URI is listed separately under `uri`)
-
http_header1 (base64-encoded Malleable C2 transform for the GET channel; the decoded bytes name a `Cookie` header, presumably the carrier for beacon metadata — confirm by decoding before writing a network signature)
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 (base64-encoded Malleable C2 transform for the POST channel; the decoded bytes contain `Content-Type: application/octet-stream` and a request parameter named `id`)
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (milliseconds, i.e. a 60 s beacon sleep; no jitter value is shown here, so expect callbacks roughly once a minute)
-
port_number
8080
-
sc_process32 (spawn-to process for 32-bit post-exploitation jobs)
%windir%\syswow64\rundll32.exe
-
sc_process64 (spawn-to process for 64-bit post-exploitation jobs; both are the Cobalt Strike default, and a rundll32.exe started with no command-line arguments from an unexpected parent is a common detection hook for it)
%windir%\sysnative\rundll32.exe
-
state_machine (the extractor's label is misleading: the base64 below is a DER-encoded 1024-bit RSA SubjectPublicKeyInfo, i.e. the beacon's RSA public key; this key is typically unique per team server, so it is useful for clustering other beacons to the same operator infrastructure)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHn+kbPGo0aH+74MCdsL/52BoTLiFIoINii06LlHZVoRdzayR61e/+abuWmL1tkVUG6qo2lvKTYrsMpdDRL4dOg0FQZogutmHPZF7PRAgJXk3nA1fspmqHpQfdGW3sE47JKQInXqwQE3cTi3tNXQL9C4wKO2+COtn0Q9xYwFaOpwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent (mimics IE 9 on Windows 7; the non-standard trailing `MALC` token is not emitted by any real browser and makes a good proxy/IDS match)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
-
watermark
100000 (a value commonly reported in cracked/leaked Cobalt Strike builds; treat it as weak attribution evidence)
Targets
-
-
Target
e2e9b1091ae8bcfb64c48eb5c5738f79e9a939341423d635f051bcf7fa7d7ed7
-
Size
208KB
-
MD5
70f9b317ee18743a596226f28ec3441c
-
SHA1
6af1df9c35888309bda4ec892db17715cf092b59
-
SHA256
e2e9b1091ae8bcfb64c48eb5c5738f79e9a939341423d635f051bcf7fa7d7ed7
-
SHA512
c8d672dc172ce59ff7bc9efbbc6f2ebb4605255fb9c891f410421ea5496759c79ec56e9b45629689edf679b71f2f3cc9dcdc248835c7c71991538c74aeb6916a
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUdY5w:LIDff9D8C6XYRw6MT2DEj
Score 3/10 (behavioural score from the two sandbox runs; the statically extracted Cobalt Strike beacon configuration above is a high-confidence indicator on its own and should be weighted independently of this number)