General
-
Target
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e
-
Size
284KB
-
Sample
240929-rje1kaxdqk
-
MD5
3ffb8a0c1931712968223fae8ac2718e
-
SHA1
7b49135cfbe385d8f23fd8c986ac6406df4496d4
-
SHA256
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e
-
SHA512
a7c549a51d3c23c6337d04706cd26492b303a38cd4180f7d33e4519622bb1caa3e6c296ebc361eb78f24a9cded39558b926f6ad00f154bf392324bcb1836a4a2
-
SSDEEP
6144:yfVc7YNrZTMKH7kiMaNHJPF49DTGx7xN6xACJUxOO:d2IihNHQuN6xKMO
Static task
static1
Behavioral task
behavioral1
Sample
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
391144938
http://154.12.20.247:801/IE9CompatViewList.xml
-
access_type
512
-
host
154.12.20.247,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
801
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4MxqU7cj/ZCMxgVy3gtAtiIaVerwkGAt1UJQHKYdQnQU3R9xyaDM4mOW+Jt1KGMLbDzPvfPvet714+SXyUDRncZdH3TuAdUhBeDf9UKeG8V/D41i+OXhX3AhvhPE9g74FKypQDnUL9Wzd/Z5gZ2tKaL8LIIa+fLoyexxqVNXk1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-
watermark
391144938
Targets
-
-
Target
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e
-
Size
284KB
-
MD5
3ffb8a0c1931712968223fae8ac2718e
-
SHA1
7b49135cfbe385d8f23fd8c986ac6406df4496d4
-
SHA256
850f8404b6b7c06356d855475e7e1c65fa5368e88cc0dc466e799649f6e28d2e
-
SHA512
a7c549a51d3c23c6337d04706cd26492b303a38cd4180f7d33e4519622bb1caa3e6c296ebc361eb78f24a9cded39558b926f6ad00f154bf392324bcb1836a4a2
-
SSDEEP
6144:yfVc7YNrZTMKH7kiMaNHJPF49DTGx7xN6xACJUxOO:d2IihNHQuN6xKMO
Score 10/10