General
-
Target
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54
-
Size
270KB
-
Sample
240628-mgsfnaxcjj
-
MD5
9c68f2634833b069adf4f5eec34dc861
-
SHA1
4ac54dd3ec5047fba11fb2c095050e07565c82c7
-
SHA256
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54
-
SHA512
1df2765106ff8c85d1623e2ab67b6a6e77144957f33271eb61fd5289587c37e94d0a3b558a0276cce9581fa47ffcc6122f2a6255879ce04f80c6346eaeadb5ab
-
SSDEEP
3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zEGIkfhUYJF6vzHk0:rzbUWootfDCvT4ZTXzCLvIk5UDzrKM
Behavioral task
behavioral1
Sample
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
391144938
http://192.168.24.43:1111/__utm.gif
-
access_type
512
-
host
192.168.24.43,/__utm.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
1111
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjNCFHtshk0qv/w/VIkoy4GQ7Hs8cJqHPmdBGUedrLPCpiVSEI8yGvB4kLh8annSvrafoJYAnsnjmgb4WaVR647FHDt/wZzf6tJVkYku7x8MPUCQfOzfuC1x6oHCN6M5lOKqKsWW6IQ7anFoGysArkP/dxnck6IV0MpY+J8FIsMwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)
-
watermark
391144938
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54
-
Size
270KB
-
MD5
9c68f2634833b069adf4f5eec34dc861
-
SHA1
4ac54dd3ec5047fba11fb2c095050e07565c82c7
-
SHA256
35cf0023390ac6bb4e534d747f6580b8ef432f7b1cca161bfbbef2bbb5fe2d54
-
SHA512
1df2765106ff8c85d1623e2ab67b6a6e77144957f33271eb61fd5289587c37e94d0a3b558a0276cce9581fa47ffcc6122f2a6255879ce04f80c6346eaeadb5ab
-
SSDEEP
3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zEGIkfhUYJF6vzHk0:rzbUWootfDCvT4ZTXzCLvIk5UDzrKM
Score10/10 -