General
-
Target
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3
-
Size
290KB
-
Sample
241009-qnysssvhkl
-
MD5
b6e6e9d2c47b3e12a5b6ab63ce0e226b
-
SHA1
e10511c7c90fd3c30cf79abe14a3d21d0d154b76
-
SHA256
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3
-
SHA512
a41b7c1e2f2d4085eede0b12af2b0f953be42eb6fe5f7e5cc683a03d594d077749f591341401e8ad8081b669eafd6d08411d282c8fe4d21bfd7eaed4116b567e
-
SSDEEP
6144:+g+QSQS8ua3Z34D/z+6PxYIQV1LbQTxl2bMs15/:+4SQSLR+yQ/QTCbMs
Static task
static1
Behavioral task
behavioral1
Sample
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
391144938
http://30ht.com.w.kunlunpi.com:80/mall_100_100.html
-
access_type
512
-
host
30ht.com.w.kunlunpi.com,/mall_100_100.html
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
30000
-
port_number
80
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWtnLgyx7vb1waHOAuCYEite0fXG1k9Xe7tKNuDDcZ1a9qpG9sFP4ZLjKd8PX+QSWegIlZFe3ur6/v8oR99IDnwEfWjTBPATiKV8k3YeRWnc1bzLX+OFqzfMYiAHZfzRONQWCNcVMe/kOfYbp2+3Si+JOO/+erR8mgwlNuy30vFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.03243264e+08
-
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ajax/recharge/recharge.json
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
-
watermark
391144938
Targets
-
-
Target
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3
-
Size
290KB
-
MD5
b6e6e9d2c47b3e12a5b6ab63ce0e226b
-
SHA1
e10511c7c90fd3c30cf79abe14a3d21d0d154b76
-
SHA256
ad8fc70a35f36dc2648a7d3b2ea67b70bca79e498f7375577d1f7d77e24d9fc3
-
SHA512
a41b7c1e2f2d4085eede0b12af2b0f953be42eb6fe5f7e5cc683a03d594d077749f591341401e8ad8081b669eafd6d08411d282c8fe4d21bfd7eaed4116b567e
-
SSDEEP
6144:+g+QSQS8ua3Z34D/z+6PxYIQV1LbQTxl2bMs15/:+4SQSLR+yQ/QTCbMs
Score 10/10