General
-
Target
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
-
Size
208KB
-
Sample
240628-ctzemayeqr
-
MD5
34694bac391a72ad99777a96da2ab884
-
SHA1
ffdf6a7d932527fa1885148ed8e40831f4ffc207
-
SHA256
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
-
SHA512
bca6ff1b89ffe004d0d3d7488f5a3ede47acacf446527b06d4a449388b29e110363685d0489a8bd8092a41bd7764c1483371adac1be786c8f816fe8db743d5e9
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUJKY5H:cIDff9D8C6XYRw6MT2DEjK
Behavioral task
behavioral1
Sample
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
100000
http://api.chinaunion.info:443/api/v1/docs/
-
access_type
512
-
beacon_type
2048
-
host
api.chinaunion.info,/api/v1/docs/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
1792
-
polling_time
3000
-
port_number
443
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1mDZ2ZPxwbho+hOwVBJrszDhjE2lA5JLkhjRcrxhNaL/OflmaEDgX7jPHtvXeNkARWCqLVW0EX3+0IE2gon6DUxtwTpbFxIhVplMrIcM4jOXPZ6cQBdweuqvHWh8zsbd29B11vEA+Vblgd6A3y7AQMy1P0jArjEUGjmDErUlIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.51666432e+08
-
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/v1/user/
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; meiqia/7.0; rv:11.0) like Gecko
-
watermark
100000
Targets
-
-
Target
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
-
Size
208KB
-
MD5
34694bac391a72ad99777a96da2ab884
-
SHA1
ffdf6a7d932527fa1885148ed8e40831f4ffc207
-
SHA256
72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
-
SHA512
bca6ff1b89ffe004d0d3d7488f5a3ede47acacf446527b06d4a449388b29e110363685d0489a8bd8092a41bd7764c1483371adac1be786c8f816fe8db743d5e9
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUJKY5H:cIDff9D8C6XYRw6MT2DEjK
Score 3/10