General
-
Target
604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6.zip
-
Size
130KB
-
Sample
241005-b9zjwssgnb
-
MD5
d4108d0bd023a1acdfa6337d71c6089c
-
SHA1
4d5acd3a46e36b7f2af280ef39125acb8451fe42
-
SHA256
760622f99306688b6400a9477d2286a8c009d7bcbde012b9657c9e85a1bff329
-
SHA512
c75229934e17ef3a67fbe15298724acbe6d25942c34194cca9dbe883f7228d0ebf6c6a222ff7123ac14ed3f62f51d88960651013af9099fe38be5a6eed2dfbee
-
SSDEEP
3072:YrOjUYO5oZbGfRgmwn/CJgPhIw6Vvxk+5RSRQg37ex5wL0q:YrOlOGEPLJgZ0vxk+zcQ4Lf
Behavioral task
behavioral1
Sample
604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
cobaltstrike
391144938
http://10.107.200.22:8899/en_US/all.js
-
access_type
512
-
host
10.107.200.22,/en_US/all.js
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8899
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCalhSnEGN0cKKJ3tE0i/ug7JpdKoSdL8LxY6i+VlRvC+hVxbJCkAZku1+PT/4UmT62lytmdE3/bwI1sf3/nJ4KXPrSgvCd3zuTwM911Ka1QaBH4LCRsg/0gJKGR3RWCGEgbv2zY3E7spsBASlmMdT3okBfKsPy0ljcpQsoHstlQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
-
watermark
391144938
Extracted
cobaltstrike
0
-
watermark
0
Targets
Target
604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6
-
Size
272KB
-
MD5
af878c8740abffe1a8cd52a484a297d3
-
SHA1
485586e13b2ff5a1f7c52fd1e52cee4799989326
-
SHA256
604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6
-
SHA512
6d4f351e728cd528313362afbf306cde7a8ed8754e417531801641c2722e783243ac0f5d31edb1763f9e840ad0d5e1d3fd7097f5ac0188ae7fc2affa48fb1289
-
SSDEEP
3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zoGIkfhUYJF6vzHkm:rzbUWootfDCvT4ZTXzCLTIk5UDhrKM
Score 10/10