General
-
Target
326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682.zip
-
Size
114KB
-
Sample
241004-bpdrpawgnj
-
MD5
2b564e961af64733fcf7994b5460dc08
-
SHA1
5efc9a0fc058119c348484a4cecd3ad64a356cf5
-
SHA256
3ac94f893934eb1f716a6f8abb1c55617735afd486fc10d664f88014d55b145a
-
SHA512
b489297aecf4a19aba450daac706299f23c93d32cfe081b33a1107dce71ff9b7ef2b825ca4d093273918365a3d8518ba1de02d59839f4a0ed95c7fb913d15687
-
SSDEEP
3072:iJ7pbipCkevl1UtSk5XlmvFM+pYzYKgXB4zEttRobCw8kS:iJ7pb+OUtt5XlB+pYzYKcBMECbCw8kS
Behavioral task
behavioral1
Sample
326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
391144938
http://154.12.20.247:801/IE9CompatViewList.xml
-
access_type
512
-
host
154.12.20.247,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
801
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4MxqU7cj/ZCMxgVy3gtAtiIaVerwkGAt1UJQHKYdQnQU3R9xyaDM4mOW+Jt1KGMLbDzPvfPvet714+SXyUDRncZdH3TuAdUhBeDf9UKeG8V/D41i+OXhX3AhvhPE9g74FKypQDnUL9Wzd/Z5gZ2tKaL8LIIa+fLoyexxqVNXk1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-
watermark
391144938
Targets
-
-
Target
326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682
-
Size
220KB
-
MD5
6895606f3e0f0f7aaac564acc04028b9
-
SHA1
93b5ee3d77b9c5b4bb20725e6b2a2d802afc06ae
-
SHA256
326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682
-
SHA512
beade6909741721c5147be257f25ee9d1102cd2a049316eb7c186927c72ab149544e61217e4eee06b76a1cd90eef30e82dbc17231e9c806a5ea1982d580bd875
-
SSDEEP
3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUH56WBS:MfsD4ktiD8UI8I66C+6AsXnifujg
Score 3/10