General
-
Target
521593871_22474a24ffe1fd8708d60261f0f3cc45_1719641813.zip
-
Size
141KB
-
Sample
240629-g3x1dasdra
-
MD5
45a3dfdc85792d8054e961274fcb6a28
-
SHA1
084a4409dc12dfa57217cd63165a78acd29e9de7
-
SHA256
cfd523dbae5901e68bc424831b59711446d7f4015306c0d1b96938971dc70d95
-
SHA512
7d75b59ae50e530248985a308d5069ac0455cf453d138fd1e2e9bd95ac005493f2211268c9851e93ec592fcc72964e3047cf091114bcd22d4b66194d83776fed
-
SSDEEP
3072:Gsq733toame8/++vJkK646iWbtbYTlpQ4Zo3nBS6JD8zAQTHTyK:X4336c8/++vyk6iOcliLYK8zJTj
Malware Config
Extracted
cobaltstrike
305419896
http://vpn1.windowsshop.cc:53/cm
-
access_type
512
-
beacon_type
256
-
host
vpn1.windowsshop.cc,/cm
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
53
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKpiivbobEAUaZWbZqVGKaAshoP4Ccoif56nPFPvMYyJGavvhaMMdM9Mwavy/YJ81qbDOcpu918CtuM/uxQyGVwuDxNga7sG+ZPqSFjyLr1YtsiYu5jnmsC3BfWcIeCTV2ONqm5dDKvtq7soK0GVs0KcMZN9TbU24QiBbDZNAI4wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)
-
watermark
305419896
Targets
-
-
Target
521593871_22474a24ffe1fd8708d60261f0f3cc45_1719641813.zip
-
Size
141KB
-
MD5
45a3dfdc85792d8054e961274fcb6a28
-
SHA1
084a4409dc12dfa57217cd63165a78acd29e9de7
-
SHA256
cfd523dbae5901e68bc424831b59711446d7f4015306c0d1b96938971dc70d95
-
SHA512
7d75b59ae50e530248985a308d5069ac0455cf453d138fd1e2e9bd95ac005493f2211268c9851e93ec592fcc72964e3047cf091114bcd22d4b66194d83776fed
-
SSDEEP
3072:Gsq733toame8/++vJkK646iWbtbYTlpQ4Zo3nBS6JD8zAQTHTyK:X4336c8/++vyk6iOcliLYK8zJTj
Score1/10 -
-
-
Target
beacon2.zip
-
Size
141KB
-
MD5
22474a24ffe1fd8708d60261f0f3cc45
-
SHA1
33bbc6a9b49ca4ad6297f861bf0f8e0c0339e912
-
SHA256
f24616dd57a322725bccf844103af650190f877c2cc755462dc904e72b7bbd30
-
SHA512
d179038df41f121a62c8de63a622cc40c306ecd238df73b79d233f36d08ded7647c8b683b1816912362ed520e28bc60ca2643f47330c6dd907f5408e7aeb8d70
-
SSDEEP
3072:Bsq733poame8N++v9kKS46iWbfbYTlpQCZo3nBWCuaG0xQrgX:64332c8N++vOO6iWclidUTaG0iMX
Score1/10 -
-
-
Target
beacon.exe
-
Size
278KB
-
MD5
1fc8362eef844f54ddd3558ee4369a1d
-
SHA1
723a5aead5bdcaf213312737c98760278f1711ae
-
SHA256
00f4ea3d44512b684f16a4b87eb17a5c6494669df52149ffb5fe7652f084f7a9
-
SHA512
0223a7bda8b7cc00b89db6fb9b542e9f57c0e878404d939fb70d31f005c09c1d64b4b91cd776419ff9fdb7dcebca69b95c62f8b5a4a30b968733a10c9ee3552c
-
SSDEEP
3072:IRGj4C7ehTVsb7+cII3aoHJH+LT1N7zacCLq8xejtziT1UFeJs+6dduC0d+iqWUU:IRcCVcvKoHx+Tb7jhiTmIs+6dduRr91
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-