Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3

  • Size

    205KB

  • MD5

    e8827c1eebc034046d12b59f61f0c285

  • SHA1

    7da64c88517ae9e2dca9b9d72093f00ae5374532

  • SHA256

    6635e0aafd12ed3493dece07c563f113fc05e86718a916564b83436eaca3fa1f

  • SHA512

    93246a68c46d035a727145005d380458957b7a979db318ac033c696634bdee4f3ff86ef556561bb9ff84085c589745af1bc7b853fa9df8ec1be7e4d321cb3239

Score
10/10
1808379625cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

1808379625

C2

http://cdn.usbankcreditcards.com:443/oscp/

Attributes
  • access_type

    512

  • beacon_type

    2048

  • create_remote_thread

    0

  • crypto_scheme

    0

  • day

    0

  • dns_idle

    0

  • dns_sleep

    0

  • host

    cdn.usbankcreditcards.com,/oscp/

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAXSG9zdDogb2NzcC52ZXJpc2lnbi5jb20AAAAHAAAAAAAAAAgAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAXSG9zdDogb2NzcC52ZXJpc2lnbi5jb20AAAAHAAAAAAAAAAgAAAAMAAAABwAAAAEAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • injection_process

  • jitter

    4864

  • maxdns

    0

  • month

    0

  • pipe_name

  • polling_time

    9300

  • port_number

    443

  • proxy_password

  • proxy_server

  • proxy_username

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCalnoa+z+ue32rsx6UYH7RBJlwyJr+BdLMCgit6QPRT+NXkZsE5Md1pgEyDEnodiJdINEsnX1mSjqKZ0KlZ3HjhibFXd51n7ZdPrZSuyuke7HWx40enQymMGoVWQh5dUKrJPIcH9UYpwssM4ODzfcxep5Bbd7oYiZD9AMv9AA6qwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    0

  • uri

    /oscp/a/

  • user_agent

    Microsoft-CryptoAPI/6.1

  • watermark

    1808379625

  • year

    0

Signatures

Files

  • 3