General
-
Target
Lee.exe
-
Size
281KB
-
Sample
241209-a6ejwawrdw
-
MD5
a7fcb5ec6dfef33922b57a9fb7251743
-
SHA1
95caf01828c0e39528e02309081ac752bb6624b6
-
SHA256
fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772
-
SHA512
f155c88c428ca22180982f7108bf7bba0629c55fbde142962b05763dce715101d93451312a49f9552af249c0ee0840e3d2240775f4c6d5152d392ec50bb11a32
-
SSDEEP
6144:GCvy+QJCWgFnl0ql59dHjNvSLjAdkKzTbXx4utYhFK:RyVJCrl0qLPHjsPzmTbBu
Static task
static1
Behavioral task
behavioral1
Sample
Lee.exe
Resource
win7-20240708-en
Malware Config
Extracted
cobaltstrike
305419896
http://101.133.156.69:7001/fwlink
-
access_type
512
-
host
101.133.156.69,/fwlink
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
7001
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2xMNNgKam92LQZPTpk+O5ByDU9W21a1O7RHFYVFF1t694BN3Y8KC3LowBUlZD1+kdSa3jIXSnWgqkpDjXtmAOrt93R8/3Scp2MK/8GOX3FJCITOuL/7DTquD1ctl3Coex5zELDxKST3KVN1c7GsLIx3df4L8BD9VMD1KKrgdrHwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)
-
watermark
305419896
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
Lee.exe
-
Size
281KB
-
MD5
a7fcb5ec6dfef33922b57a9fb7251743
-
SHA1
95caf01828c0e39528e02309081ac752bb6624b6
-
SHA256
fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772
-
SHA512
f155c88c428ca22180982f7108bf7bba0629c55fbde142962b05763dce715101d93451312a49f9552af249c0ee0840e3d2240775f4c6d5152d392ec50bb11a32
-
SSDEEP
6144:GCvy+QJCWgFnl0ql59dHjNvSLjAdkKzTbXx4utYhFK:RyVJCrl0qLPHjsPzmTbBu
-
Cobaltstrike family
-