General
-
Target
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02
-
Size
256KB
-
Sample
241117-w2xesawbjf
-
MD5
eab078c8c23870a5ac209540fbf88af8
-
SHA1
62d5aa04008a682e98b197bf6b9cdc406eb500fc
-
SHA256
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02
-
SHA512
9580ad470042b55dca606dbec5b74582bbeb7cbd37b20b1fc0eb7026216a9f2b6869788b0d09f70aad8dbdb66913a5a4a0f2f6f0c4b0c17714d1f7e5962bfd8e
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gp7j8aJGIhxjT3A8ygbLAZmitdGl59tQYJ1b/S1Pjz8C:7c0bPzIpf8ahTw8PHA8itQrQvvuE
Behavioral task
behavioral1
Sample
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
1
http://182.92.201.45:62213/push
-
access_type
512
-
beacon_type
2048
-
host
182.92.201.45,/push
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000 (beacon sleep interval; presumably milliseconds, i.e. roughly one check-in per minute — confirm against the extractor's units before using it for detection timing)
-
port_number
62213
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmIejjtdo9X1DnPj9nlJ02adfABqyERWmpAINFzQaThpk6MIWJUVFfpwH1FlX33xdzXUQfiJF5aSGVfpiOQ7bEGBqBEJy6UTcFR1Xv6RyhCJxEYorYIXqDyGmyihonG3/fpDTYyJVvF471Qcem9OD5fq/zBhSKIvqlSOa1jjSGwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)
-
watermark
1 (a watermark of 1 is commonly seen in cracked or leaked Cobalt Strike builds, so it should not be treated as identifying a specific licensee)
Targets
-
-
Target
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02
-
Size
256KB
-
MD5
eab078c8c23870a5ac209540fbf88af8
-
SHA1
62d5aa04008a682e98b197bf6b9cdc406eb500fc
-
SHA256
382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02
-
SHA512
9580ad470042b55dca606dbec5b74582bbeb7cbd37b20b1fc0eb7026216a9f2b6869788b0d09f70aad8dbdb66913a5a4a0f2f6f0c4b0c17714d1f7e5962bfd8e
-
SSDEEP
3072:7c0nsHpyvGj346lbkBN/gp7j8aJGIhxjT3A8ygbLAZmitdGl59tQYJ1b/S1Pjz8C:7c0bPzIpf8ahTw8PHA8itQrQvvuE
Score: 1/10 — note that this low score stands despite the Cobalt Strike beacon configuration extracted above (C2 182.92.201.45:62213, URIs /push and /submit.php); treat those indicators as actionable regardless of the score.