Overview

overview

10

Static

static

e61c59b4c4...33.dll

windows7_x64

10

e61c59b4c4...33.dll

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33

  • Size

    282KB

  • Sample

    201111-da6d3ta4qn

  • MD5

    736cbf4e5d86772965db0b0ed4e4b9e2

  • SHA1

    c2701cfc2a650dfee8b5615216d161629662f9b3

  • SHA256

    e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33

  • SHA512

    7dccb38ed0c9662a2456a115921d3620efc387b59f22c30e3af870835b5aff15f1d20507403e1c5c97622cd9a379a847b458e073489fae886e4b35b619f48eab

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://xnjscdn.com:443/508/extra.html

Attributes
  • access_type

    512

  • beacon_type

    2048

  • create_remote_thread

    768

  • dns_idle

    1.34744072e+08

  • dns_sleep

    1.17440512e+09

  • host

    xnjscdn.com,/508/extra.html

  • http_header1

    AAAABwAAAAAAAAANAAAABQAAAAZjcmVhdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAABwAAAAAAAAADAAAAAgAAAAZ0b2tlbj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    3840

  • maxdns

    231

  • pipe_name

    \\%s\pipe\tjpw_#

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\conhost.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMBvwSPImgtlkCMnPyQog7xlp5Ci5OFj2Hyb/B4I+tm2QqqS28DK8DSSShrUwHZA2fOmY4Wc5PkS9XW/6gEWFJNWnZPjPBtJ0DNNOwvhvAvR4Rfvx3O2sh1mwpoHwO8rZLcyHK2SLhoLq1P2mP8z4ZjUoxgurSzN94Is5QKxGLbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /typo/contacto.htm

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36

Targets

    • Target

      e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33

    • Size

      282KB

    • MD5

      736cbf4e5d86772965db0b0ed4e4b9e2

    • SHA1

      c2701cfc2a650dfee8b5615216d161629662f9b3

    • SHA256

      e61c59b4c439efa60a4dcf594c9169a0654eb88d8572a3a347de1fc76678bd33

    • SHA512

      7dccb38ed0c9662a2456a115921d3620efc387b59f22c30e3af870835b5aff15f1d20507403e1c5c97622cd9a379a847b458e073489fae886e4b35b619f48eab

    Score
    10/10
    cobaltstrikebackdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks