General
- Target: 33988f6852a9c11377d2b0439a5a12d8d515f0d5031629b3eeceff3ea86aae64
- Size: 5.6MB
- Sample: 240831-qgz3aavgjm
- MD5: 528be357068444851c5194a3a4ad04e6
- SHA1: d37b162402783415908a583be6fcc169411933f1
- SHA256: 33988f6852a9c11377d2b0439a5a12d8d515f0d5031629b3eeceff3ea86aae64
- SHA512: 5fe6cdfb3b14a897f5496c40fd3037a560bcac7338ea4174ee96f6a8bf755baaf0aa4656d8aa12648c8557a8c2b4a88cdc88e115d6d2509f0dd2bc4beae80dec
- SSDEEP: 98304:Az0tpywzPOFSPnUXJFerrlcDN8Xe6OlcfNCPs55y1uB/HfFxH5mIi:i0tg9ynA+rlcD0e6OafNlTy1w/HfFHmZ
Static task: static1
Behavioral task: behavioral1
Sample: 33988f6852a9c11377d2b0439a5a12d8d515f0d5031629b3eeceff3ea86aae64.exe
Resource: win7-20240704-en
Malware Config
Extracted
cobaltstrike
100000
http://120.26.241.224:52847/__utm.gif
- access_type: 512
- host: 120.26.241.224,/__utm.gif
- http_header1:
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
- http_header2:
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
- http_method1: GET
- http_method2: POST
- polling_time: 60000
- port_number: 52847
- sc_process32: %windir%\syswow64\rundll32.exe
- sc_process64: %windir%\sysnative\rundll32.exe
- state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSyBVvMd4tLh9+W9CJyVRvl+G/u3JfXaJ2+oaSVpYZ9gTk8AoDgaXE54lJHbTNz3TYoJzu9+pl2qsX2G+E+xziM3hTLoaBctIrY0iZiZQmRd0a6yds4ZAs7TIOTXqPP0kjPEOI+5JTx0uwCPC9Z6zCA2XbbvAfku4FuQAttCPWBQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- unknown1: 4096
- unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- uri: /submit.php
- user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)
- watermark: 100000
Extracted
cobaltstrike
0
- watermark: 0
Targets
- Target: 33988f6852a9c11377d2b0439a5a12d8d515f0d5031629b3eeceff3ea86aae64
- Size: 5.6MB
- MD5: 528be357068444851c5194a3a4ad04e6
- SHA1: d37b162402783415908a583be6fcc169411933f1
- SHA256: 33988f6852a9c11377d2b0439a5a12d8d515f0d5031629b3eeceff3ea86aae64
- SHA512: 5fe6cdfb3b14a897f5496c40fd3037a560bcac7338ea4174ee96f6a8bf755baaf0aa4656d8aa12648c8557a8c2b4a88cdc88e115d6d2509f0dd2bc4beae80dec
- SSDEEP: 98304:Az0tpywzPOFSPnUXJFerrlcDN8Xe6OlcfNCPs55y1uB/HfFxH5mIi:i0tg9ynA+rlcD0e6OafNlTy1w/HfFHmZ
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL