Overview

overview

10

Static

static

10

368b791d4f...24.dll

windows7_x64

3

368b791d4f...24.dll

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    368b791d4fb7342d10d298e4445aa624.dll

  • Size

    199KB

  • Sample

    201213-599sgkpmpa

  • MD5

    368b791d4fb7342d10d298e4445aa624

  • SHA1

    288ea4542bb8b758c0b13d54deb36b00c287f032

  • SHA256

    557772effd7149653c391055a2bd4d12eb2588255fbb0b66112958554e6579ff

  • SHA512

    486368d60e0d49906d55d7b8101b2df7ea791e4644cefb1d9c2618ab78bf9db717fbc0cbcfa7d5585102b25467224ea29765c3cf002cabd72ae814370de7eac1

Score
10/10
cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://85.143.222.15:8082/ptj

Attributes
  • host

    85.143.222.15,/ptj

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    8082

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChvz2oKTJ0/eJ7cFxHaHPhGqqNrEeTk0/ji502tl8m/Hm/oETz8CH0xSxpU5gyg+tG0FqOQY3WOvmPz61LGiGv4spGlz3Hxd8HXEnd3rk560YzaAPlbwB3bBjbPs1GCAYK5qkDOO7a1WhfdEMBDbtZeqY1JpMSSMovpUojps3qLwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)

Targets

    • Target

      368b791d4fb7342d10d298e4445aa624.dll

    • Size

      199KB

    • MD5

      368b791d4fb7342d10d298e4445aa624

    • SHA1

      288ea4542bb8b758c0b13d54deb36b00c287f032

    • SHA256

      557772effd7149653c391055a2bd4d12eb2588255fbb0b66112958554e6579ff

    • SHA512

      486368d60e0d49906d55d7b8101b2df7ea791e4644cefb1d9c2618ab78bf9db717fbc0cbcfa7d5585102b25467224ea29765c3cf002cabd72ae814370de7eac1

    Score
    9/10

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks