General
-
Target
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0
-
Size
1.1MB
-
Sample
241225-wa8zhazrft
-
MD5
9a9274aae594ee543b31ee628a9ef179
-
SHA1
ec42baa80748957aecc45b2b59e91fe8f75494a8
-
SHA256
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0
-
SHA512
f97137854812a2e9f29c806d37fdd790907534560cea7b24b6fb4dab10e528fb1263b1d1dd34545db582219d8917764c760a2ebc905474053fbcb3c0a3c3148b
-
SSDEEP
24576:8gUPonVc4vy2LdZRK2faDWH/hK6z86GlJyDx:2PonVc4v3XRK2fas/hzgJyDx
Static task
static1
Behavioral task
behavioral1
Sample
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
100000
http://113.45.198.61:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books (note: plain http:// scheme to port 443, matching port_number below; the path is styled like an Amazon search URL — treat the IP, port and both URIs as C2 indicators)
-
access_type
512
-
beacon_type
2048
-
host
113.45.198.61,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
4000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW9K9zd2zNWKSyxJKyjJw4ljWJbJhiNoejlWCluQ2AF9zFRihsMYnfsC/XMqmULtw+3J4XTU9FJxgNYpPkVfHCWIm1rBISZD2hhCaxTZD2S6yTYjMTjKfQWy6yYlOICqjwSaRtnmIu0mbf4ud1Gmfrh6w8wazc9SSCvD6RM0WtIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
-
watermark
100000
Targets
-
-
Target
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0
-
Size
1.1MB
-
MD5
9a9274aae594ee543b31ee628a9ef179
-
SHA1
ec42baa80748957aecc45b2b59e91fe8f75494a8
-
SHA256
a09d5a9136603ea7eb32cd77676b4e99fb8673c9e473d1fec183aa361b3bb7a0
-
SHA512
f97137854812a2e9f29c806d37fdd790907534560cea7b24b6fb4dab10e528fb1263b1d1dd34545db582219d8917764c760a2ebc905474053fbcb3c0a3c3148b
-
SSDEEP
24576:8gUPonVc4vy2LdZRK2faDWH/hK6z86GlJyDx:2PonVc4v3XRK2fas/hzgJyDx
Score: 10/10
Cobaltstrike family
-