General
-
Target
02.08.20226.exe
-
Size
208KB
-
Sample
240829-nqzf1ayhqg
-
MD5
c0f258f9287226d4e758da7535a43563
-
SHA1
234e4d332889c654474ebcef253be71eeeff1a52
-
SHA256
3903806c0252aa0f9da08b5bdd7eaa4906dd629b2d2f2efc6b545d887dcf7a41
-
SHA512
d3f668695657687e3eb8db5f15870856800d06f9f9ca9b30abded831d502233afc2a95e97754072fb656c73c3e9264a402f792770f62944e24fc180e21e9aa4a
-
SSDEEP
3072:+r3UzYPNgNkb8pj7H7SVXuuK8oEMup60bXQpwgvT0n/bnoABVlK2fDTVtDloxiLy:gkyNx8pzQuWoEMus0ngwn/b5Bb7ZnGey
Behavioral task
behavioral1
Sample
02.08.20226.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
02.08.20226.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
100000
http://162.209.178.186:38433/accelerate/Members/9ZBUKM2FCT
-
access_type
512
-
host
162.209.178.186,/accelerate/Members/9ZBUKM2FCT
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
12288
-
polling_time
74518
-
port_number
38433
-
sc_process32
%windir%\syswow64\gpupdate.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO235OoFjyLfEeyRgtQoAoxN81x2t+vFHHSLCyCELnqJZSbUH71/tTs6bcO0RUWGX7lWaRSFSafxWypnwB3vgNs3DFSTlz5xKL1hs/vx+nuWG7ucJZZkR5c7wZY0yuY9gQbGnf7MpcOS5rQ1fx1FCR84Ra89r28fZhB5279VAhLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.42349568e+08
-
unknown2
AAAABAAAAAEAABN3AAAAAgAAEzYAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Divide/v5.33/S2Y2T6HM
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.0 Safari/537.36 Edg/80.0.361.0
-
watermark
100000
Targets
-
-
Target
02.08.20226.exe
-
Size
208KB
-
MD5
c0f258f9287226d4e758da7535a43563
-
SHA1
234e4d332889c654474ebcef253be71eeeff1a52
-
SHA256
3903806c0252aa0f9da08b5bdd7eaa4906dd629b2d2f2efc6b545d887dcf7a41
-
SHA512
d3f668695657687e3eb8db5f15870856800d06f9f9ca9b30abded831d502233afc2a95e97754072fb656c73c3e9264a402f792770f62944e24fc180e21e9aa4a
-
SSDEEP
3072:+r3UzYPNgNkb8pj7H7SVXuuK8oEMup60bXQpwgvT0n/bnoABVlK2fDTVtDloxiLy:gkyNx8pzQuWoEMus0ngwn/b5Bb7ZnGey
Score 1/10 -