General
-
Target
64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a.zip
-
Size
130KB
-
Sample
240624-cq3ymsvdmg
-
MD5
80ef1f77c3e040b9bcac37fd3465b9ea
-
SHA1
793c0b4bea03296b1c8bf4c7c405e01f8fb4ceca
-
SHA256
4f9338525f02535c0761bc42337a4edec07f93d593c3f1cb6f25a11835ebefba
-
SHA512
b6570dc79f84b3fb06a0dc66a19ea11a6750dd0b7f2bca5303c573ff24ef29f5bb70b882e1004e4dcb0cd82241bf7182403bff18f599f1d6930dbedc31b5b09f
-
SSDEEP
3072:GyNoEebapKIcd5EUlcEqxpzDOioXGI4ihPwTyrIlXxtSc:1N1RKIcd5PeESxGRQyri+c
Behavioral task
behavioral1
Sample
64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a.dll
Resource
win10v2004-20240611-en
Malware Config
Extracted
cobaltstrike
987654321
http://123.207.217.199:60080/g.pixel
-
access_type
512
-
beacon_type
2048
-
host
123.207.217.199,/g.pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
60080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl9Ufs3Hc5cfwQAh40fE6N/MHWWfLgRAbrAXXHAVSqQBkn5hAWMgF4J4l2JfS/5abhI7KrV5CoHZsD2UrAA0zNPzK/8BjeHl0fYOPgUVgIfqaADeGn8IS/HUT8mvll8cG4R7dwqXU5+MPJicEehnY11ofxNM+stiet1eAYkvGBFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
-
watermark
987654321
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a
-
Size
272KB
-
MD5
6ac8a1de423673f9e0ee02b0655eec03
-
SHA1
ebdff66c0899ce01db30e2db7a819ce9f8eeb080
-
SHA256
64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a
-
SHA512
15acb876cd484ee9eb77b60c186d50e428bba2990d0f1e3669e4737c078d3cf9bdd020379f3521d660c16a146b8fe078362e31a644037e6456c3837bc9669b04
-
SSDEEP
3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zPGIkfhUYJF6vzHkQ:rzbUWootfDCvT4ZTXzCLmIk5UDLXrKM
Score: 10/10