General
-
Target
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
-
Size
259KB
-
Sample
240628-3cy1msvdnc
-
MD5
4157451d1de7e506e623de93f1d2d3cb
-
SHA1
2d2bf3a09bb1fa82ac34f007f11d96e4e0ebf7cd
-
SHA256
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
-
SHA512
c90478d1ddf05e83d72215b9738e19944999463c32778f5928fafddecf7524ac50f28eaebe59726bd559c1d9365e719cdaca1f984b09d6ffed5dacbc47b82095
-
SSDEEP
6144:fJqVG5d1IpMyibgkTZI6jHID90a2YBX0H/:f3d6tevoxGYBXC
Behavioral task
behavioral1
Sample
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000
http://api.chinaunion.info:443/api/v1/docs/
-
access_type
512
-
beacon_type
2048
-
host
api.chinaunion.info,/api/v1/docs/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
1792
-
polling_time
3000
-
port_number
443
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1mDZ2ZPxwbho+hOwVBJrszDhjE2lA5JLkhjRcrxhNaL/OflmaEDgX7jPHtvXeNkARWCqLVW0EX3+0IE2gon6DUxtwTpbFxIhVplMrIcM4jOXPZ6cQBdweuqvHWh8zsbd29B11vEA+Vblgd6A3y7AQMy1P0jArjEUGjmDErUlIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/v1/user/
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; meiqia/7.0; rv:11.0) like Gecko
-
watermark
100000
Targets
-
-
Target
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
-
Size
259KB
-
MD5
4157451d1de7e506e623de93f1d2d3cb
-
SHA1
2d2bf3a09bb1fa82ac34f007f11d96e4e0ebf7cd
-
SHA256
2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
-
SHA512
c90478d1ddf05e83d72215b9738e19944999463c32778f5928fafddecf7524ac50f28eaebe59726bd559c1d9365e719cdaca1f984b09d6ffed5dacbc47b82095
-
SSDEEP
6144:fJqVG5d1IpMyibgkTZI6jHID90a2YBX0H/:f3d6tevoxGYBXC
Score 1/10