General

  • Target

    2

  • Size

    208KB

  • MD5

    20496855cd6224949f9ba9a77df02117

  • SHA1

    c43f2132e7db6a09fd23210ac0267ac37221b356

  • SHA256

    1ace520ab5a0ea7961b2b37224490ba38d1e6517b78aed12120029a959371ebd

  • SHA512

    5c692ce77db0a0bc98e949c93c7a29b9e8a1b9709fea17547e3c9290e58b4c88f2aaa7f44a5bc48ca3e15446c19114a0fa06efa59ab67f358e0f5a3a0df54ed9

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://hk.fcalebook.com:443/activity

Attributes
  • access_type

    512

  • beacon_type

    2048

  • create_remote_thread

    0

  • crypto_scheme

    0

  • day

    0

  • dns_idle

    0

  • dns_sleep

    0

  • host

    hk.fcalebook.com,/activity

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • injection_process

  • jitter

    0

  • maxdns

    255

  • month

    0

  • pipe_name

  • polling_time

    60000

  • port_number

    443

  • proxy_password

  • proxy_server

  • proxy_username

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnrhRsoqLGmBaZ2YIU9Y70ed3za0TsCPrWr/Qh7p6TijYZw3J8Cq0ITy0LAfN8DdF4btwh+WKwo2x+EAwVldbhOr7Ja4f9Dm/c4MSS0Lozxcxl20MnJ6o3kUsMBQJ3unKRsa6ZSOX2/n5ulIjpisMAv6ctkY07QHjxK/Ypv/6EyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    0

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)

  • watermark

    1873433027

  • year

    0

Signatures

Files

  • 2