Overview

overview

10

Static

static

10

test_00690000.bin.dll

windows7_x64

10

test_00690000.bin.dll

windows10_x64

10

Resubmissions

12-05-2021 09:09

210512-ll8v73rjm6 10

12-07-2020 13:12

200712-aaxsfptbdx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test_00690000.bin

  • Size

    204KB

  • MD5

    82401a076fce0af2b913f8c904d8c9e3

  • SHA1

    eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec

  • SHA256

    84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

  • SHA512

    8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score
10/10
cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://reportsbank.com:443/about/main_title/xpattern/browse.php

Attributes
  • access_type

    512

  • beacon_type

    2048

  • create_remote_thread

    0

  • day

    0

  • dns_idle

    0

  • dns_sleep

    0

  • host

    reportsbank.com,/about/main_title/xpattern/browse.php

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAABJVPTc3OWI2NGUxYTdlZDczN2EAAAACAAAACFBSRUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • injection_process

  • jitter

    5120

  • maxdns

    255

  • month

    0

  • pipe_name

  • polling_time

    30000

  • port_number

    443

  • proxy_password

  • proxy_server

  • proxy_username

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnZJUJvpQVF6pohWRnN0wEc8/hbjW81vA2+/lDkMx6x67JTvJV+LsmoWuIafy1ihS8AK2/ndjilVaatWECz3xeUBLPh7S+8xA7uOOpiutTSRrtkPESpa4CZEYo5noKjF8k2lSViRZMo3K3bsW1ctxvFK+8Opp10B7SWdbGp4ZcxQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    0

  • unknown4

    0

  • unknown5

    2.018915346e+09

  • uri

    /contact/work_title/app/SFX.php

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

  • year

    0

Signatures

Files

  • test_00690000.bin
    .dll windows x86