General
-
Target
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e
-
Size
257KB
-
Sample
240917-lyxahaxbjr
-
MD5
3492315210c637512509550e9bb830b7
-
SHA1
984250bb756cf8e1a8851fb1b20b97971cb0e51a
-
SHA256
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e
-
SHA512
6294826f04507c6176bfdfff804dfb4d48476c5427ab62447070dff5636c5b9850ffe11c17976018b060e61797a1c252884ecd33b1997c8cc87f274463f78e74
-
SSDEEP
3072:ksYckn3Xzq4IDwSK2Mbn/gprEJwJNJsCwQTIfXouPruOOTRv9BQYJerCoqA:ksYwjwIGIprEJweGTIDjhOTRnQ8K
Behavioral task
behavioral1
Sample
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike — Cobalt Strike Beacon configuration recovered from the sample
1580103824 (licence watermark; see `watermark` below)
http://192.168.237.135:80/pixel — C2 check-in URL. 192.168.237.135 is an RFC 1918 private address, so this beacon was built against a lab or internal team server: the host/URL is not a usable network IOC outside that environment, and a public sandbox cannot observe a live check-in.
-
access_type
512
-
host
192.168.237.135,/pixel
-
http_header1 — base64-encoded malleable-C2 transform for the GET channel; the decodable fragment `Q29va2ll` is `Cookie`, i.e. beacon metadata is carried in a Cookie header, consistent with the default profile
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2 — base64-encoded transform for the POST channel; it decodes to `Content-Type: application/octet-stream` and the parameter name `id`, matching the default-profile `POST /submit.php?id=…` seen in `uri` below
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time — beacon sleep interval in milliseconds
60000 (60 s between check-ins; no jitter value is listed in this extraction)
-
port_number
80
-
sc_process32 — spawn-to process for 32-bit post-exploitation jobs
%windir%\syswow64\rundll32.exe
-
sc_process64 — spawn-to process for 64-bit post-exploitation jobs (rundll32.exe is the Cobalt Strike default; a rundll32.exe started with no command-line arguments that then makes network connections or receives injected code is a commonly used detection for this configuration)
%windir%\sysnative\rundll32.exe
-
state_machine — despite the label, this value is the beacon's RSA public key (base64 DER SubjectPublicKeyInfo; the `MIGfMA0GCSqGSIb3DQEBAQUA…` prefix is a 1024-bit RSA key, the trailing `AAAA…` is zero padding). Beacon metadata is encrypted to this key, so it is tied to the team server that built the sample and is a more durable pivot for clustering related beacons than the private C2 address above.
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNd+drmpve4NwJgmfBOrdnEsE+iuJWYqx0O4kR7bKLcHQXYgmnDYfnyPT4cBqLcX55MAGTuGIFKp50eIUJGCM+NmTppvzSSu3RE5ZLp/q1DlpchpIlUMfSr5wUGEQvKZKaPj/bd1iVmppMzeUrrXqaxw1Wo030gHILBDf4KV7nUwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent — HTTP User-Agent used for check-ins
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526) — an IE8-on-Windows-XP string emitted from a Windows 7/10 host (see the behavioral tasks above) is itself anomalous and can serve as a weak network indicator
-
watermark — Cobalt Strike licence watermark embedded in the beacon
1580103824 — this value appears repeatedly in public threat-intel reporting on beacons built from cracked or leaked Cobalt Strike kits, so it points to a pirated build rather than a single actor; check current watermark lists before using it for attribution
Targets
-
-
Target
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e
-
Size
257KB
-
MD5
3492315210c637512509550e9bb830b7
-
SHA1
984250bb756cf8e1a8851fb1b20b97971cb0e51a
-
SHA256
fd370009f3b8d546b0a2d64056edd131dba271820df4ab97160c2b0dc3ca1b7e
-
SHA512
6294826f04507c6176bfdfff804dfb4d48476c5427ab62447070dff5636c5b9850ffe11c17976018b060e61797a1c252884ecd33b1997c8cc87f274463f78e74
-
SSDEEP
3072:ksYckn3Xzq4IDwSK2Mbn/gprEJwJNJsCwQTIfXouPruOOTRv9BQYJerCoqA:ksYwjwIGIprEJweGTIDjhOTRnQ8K
Score 1/10 — this low behavioural score should not be read as benign: the configured C2 is a private address, so no live check-in is likely to have been observed in the sandbox, and the extracted Cobalt Strike configuration above is the decisive indicator for this sample.