General
-
Target
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581
-
Size
218KB
-
Sample
241011-g2atfsygkd
-
MD5
29ebea8557f8d35c0cf947e77c0f88aa
-
SHA1
e29aceed0b9389ef271c125ddec8c5c6e3071316
-
SHA256
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581
-
SHA512
b0d0611f188e8acfe11c7c9051cd79c17b5fa076240d05a3cf1b11d5fef460a4abe6a564dd615c31a7ae7a25d53f517ad3e79eb870994e9e2d315046694d9349
-
SSDEEP
3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUD5QCBS:MfsD4ktiD8UI8I66C+6AsXnifuji
Behavioral task
behavioral1
Sample
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
391144938
http://129.211.219.207:443/pixel
-
access_type
512
-
beacon_type
2048
-
host
129.211.219.207,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2M3Ui4C//kt/lrDXG0n8RMT5aI51HVsAkcXIHAy6AJ2o1u08O4iZFKE9C/LNOnepLyf7yoawFKF0KIsMFucP1SV0/IwNSESqmx0IUezPQ5Yy+g5vPfsnBV3n7Hx810qfUj6umeHheZ9XH1PutMM1t+1+IDey+slsAdzw8RkSeqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-
watermark
391144938
Targets
-
-
Target
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581
-
Size
218KB
-
MD5
29ebea8557f8d35c0cf947e77c0f88aa
-
SHA1
e29aceed0b9389ef271c125ddec8c5c6e3071316
-
SHA256
caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581
-
SHA512
b0d0611f188e8acfe11c7c9051cd79c17b5fa076240d05a3cf1b11d5fef460a4abe6a564dd615c31a7ae7a25d53f517ad3e79eb870994e9e2d315046694d9349
-
SSDEEP
3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUD5QCBS:MfsD4ktiD8UI8I66C+6AsXnifuji
Score 3/10