General
-
Target
fa54e7eaa471c48da5e8d87cf8cd1af50fb2ff6b216c9c2121efa8aecf7f6015.zip
-
Size
130KB
-
Sample
241014-v8p4ls1epl
-
MD5
cbd26c6e9b5c043e210ce099306bc1bb
-
SHA1
c97b574865fbd17f0697505490fdd7d9f0634a3a
-
SHA256
790d6e594f9f143c09a6f52944b196b996cce8217155fe0b2cb355de941317e2
-
SHA512
03e69dfe0a883ccc7624c48522ffe7f17dfc1daf278e7b43e06b8b1c5c079df6f4a38989b9fd9737b03d3022f932c133ec283ee748260f67c0c7ff0c148f3d08
-
SSDEEP
3072:a1gsJ4HHpF8DZuC+pvUlwJ+3GPwoRqWWk6+LSrqE:qLG5CcvUGK83RxzLSuE
Behavioral task
behavioral1
Sample
fa54e7eaa471c48da5e8d87cf8cd1af50fb2ff6b216c9c2121efa8aecf7f6015.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa54e7eaa471c48da5e8d87cf8cd1af50fb2ff6b216c9c2121efa8aecf7f6015.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
391144938
http://101.34.205.237:3456/match
-
access_type
512
-
host
101.34.205.237,/match
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
3456
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBCdAcGgbmSD8OnY3CXoARWSARv9sdG/r4LvD9JUAmq3RmxdqlXbXPK0DA6j/wrGbB2pnQbZI4BsVEvC8//qXWMSxAiI7IushvndQeJG0a2T1dBidxsoef7wzmj8Gw7lu42PaYOaRQijFCxHLHNUrwpUpweDCjRjQQnyRofQ3A0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
-
watermark
391144938
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
fa54e7eaa471c48da5e8d87cf8cd1af50fb2ff6b216c9c2121efa8aecf7f6015
-
Size
272KB
-
MD5
91a3c680cdebe582b363e01bacf7b26a
-
SHA1
424180860b5547638bfa007adf6c85c4fe45ff71
-
SHA256
fa54e7eaa471c48da5e8d87cf8cd1af50fb2ff6b216c9c2121efa8aecf7f6015
-
SHA512
b9d132108be3ca63041a46d6dc96daec2f5557711abcc9b58283206d5415a9232a7883f9af876befd2e64cfb317d8f7c870be6d756018e98336c4093fd1cbbf8
-
SSDEEP
3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zfGIkfhUYJF6vzHkN:rzbUWootfDCvT4ZTXzCLmIk5UDSrKM
Score 10/10 -