General

  • Target

    decoded-binary.bin

  • Size

    203KB

  • Sample

    210913-z35z4aede7

  • MD5

    24c4ac2a54843e65377510618edfc173

  • SHA1

    0969e21c478825a86d41c1662c1b90023fa9d72d

  • SHA256

    70f77f0cbd2b951c08e33a2466237cf0f7204f3420f99350059ff4dcbb65f94f

  • SHA512

    60646e4ac7a30cbfc9ce7b712df15bf9a5ca0b8602015e537db3d4150b968438c07bb3593dd7fbf3fb75d127671737a033838fb626e3df56fb209758f8752446

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://23.106.123.219:80/btn_bg.html

Attributes
  • access_type

    512

  • host

    23.106.123.219,/btn_bg.html

  • http_header1

    AAAAEAAAAB5Ib3N0OiBtaWNyYXNvZnRlZGdldXBkYXRlci5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABJBY2NlcHQ6IGltYWdlL2pwZWcAAAAHAAAAAAAAAAgAAAADAAAAAgAAAAVIU0lEPQAAAAYAAAAGQ29va2llAAAACQAAAAxjb250YWN0PXRydWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    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

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9984

  • polling_time

    60996

  • port_number

    80

  • sc_process32

    %windir%\syswow64\runonce.exe

  • sc_process64

    %windir%\sysnative\runonce.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    611589120

  • unknown2

    AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /us

  • user_agent

    Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0

  • watermark

    1359593325
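The http_header1 value above is the beacon's GET transform from its malleable C2 profile: a stream of big-endian 32-bit opcodes, some followed by a length-prefixed string, terminated by opcode 0. The Python below is an added example, not part of the report or of the sandbox's parser. It decodes that blob using the opcode numbering shared by the open-source beacon config parsers (1768.py, CobaltStrikeParser), then replays the steps on a constructed placeholder metadata value to show the shape of the GET request this beacon would send. The request path is taken from the report's host attribute; the header order is illustrative, and the unused opcodes (print, uri_append, base64url, strrep, mask) are decoded but not replayed because this sample's GET chain does not use them.

```python
# Added example, not part of the sandbox report or of the parser behind it. Opcode numbering
# follows the open-source beacon config parsers (1768.py, CobaltStrikeParser). The blob is the
# report's http_header1 minus its trailing zero padding; the metadata value is a placeholder.
import base64
import struct

# http_header1, first 156 bytes (the rest of the field is zero padding).
HTTP_HEADER1_B64 = (
    "AAAAEAAAAB5Ib3N0OiBtaWNyYXNvZnRlZGdldXBkYXRlci5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3Nl"
    "AAAACgAAABJBY2NlcHQ6IGltYWdlL2pwZWcAAAAHAAAAAAAAAAgAAAADAAAAAgAAAAVIU0lEPQAAAAYAAAAG"
    "Q29va2llAAAACQAAAAxjb250YWN0PXRydWUAAAAA"
)
GET_URI = "/btn_bg.html"          # GET path from the report's host / C2 attributes
USER_AGENT = ("Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) "
              "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0")
TRANSFORM_OPS = {
    1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter", 6: "header",
    7: "build", 8: "netbios", 9: "const_parameter", 10: "const_header", 11: "netbiosu",
    12: "uri_append", 13: "base64url", 14: "strrep", 15: "mask", 16: "const_host_header",
}
ONE_ARG_OPS = {1, 2, 5, 6, 9, 10, 12, 16}   # opcode, then u32 length, then that many bytes
BUILD_TARGETS = {0: "metadata", 1: "output", 2: "id"}


def _u32(blob, pos):
    return struct.unpack_from(">I", blob, pos)[0], pos + 4


def _string(blob, pos):
    n, pos = _u32(blob, pos)
    return blob[pos:pos + n].decode("latin-1"), pos + n


def decode_transform(blob: bytes) -> list:
    """Walk the big-endian opcode stream until the 0 terminator."""
    steps, pos = [], 0
    while pos + 4 <= len(blob):
        op, pos = _u32(blob, pos)
        if op == 0:
            break
        name = TRANSFORM_OPS.get(op, f"op{op}")
        if op in ONE_ARG_OPS:
            arg, pos = _string(blob, pos)
            steps.append((name, arg))
        elif op == 7:                            # build: which data enters the chain
            target, pos = _u32(blob, pos)
            steps.append((name, BUILD_TARGETS.get(target, str(target))))
        elif op == 14:                           # strrep carries two strings
            old, pos = _string(blob, pos)
            new, pos = _string(blob, pos)
            steps.append((name, old, new))
        else:                                    # base64, netbios, mask ...: no argument
            steps.append((name,))
    return steps


def decode_get_transform() -> list:
    return decode_transform(base64.b64decode(HTTP_HEADER1_B64))


def netbios_encode(data: bytes, upper: bool = False) -> str:
    """Cobalt Strike's NetBIOS encoding: each nibble becomes a letter a-p (or A-P)."""
    base = ord("A") if upper else ord("a")
    return "".join(chr(base + (b >> 4)) + chr(base + (b & 0xF)) for b in data)


def build_request(steps, uri=GET_URI, user_agent=USER_AGENT, metadata=b"\x00\x00\xbe\xef") -> str:
    """Replay the transform to show the shape of the beacon's GET (metadata is a placeholder)."""
    headers, params, buf = {}, [], b""
    for op, *args in steps:
        if op in ("const_host_header", "const_header"):
            name, value = args[0].split(": ", 1)
            headers[name] = value
        elif op == "const_parameter":
            params.append(args[0])
        elif op == "build":
            buf = metadata                       # only the metadata path is modelled here
        elif op in ("netbios", "netbiosu"):
            buf = netbios_encode(buf, upper=(op == "netbiosu")).encode()
        elif op == "base64":
            buf = base64.b64encode(buf)
        elif op == "prepend":
            buf = args[0].encode("latin-1") + buf
        elif op == "append":
            buf += args[0].encode("latin-1")
        elif op == "header":
            headers[args[0]] = buf.decode("latin-1")
        elif op == "parameter":
            params.append(f"{args[0]}={buf.decode('latin-1')}")
    headers.setdefault("User-Agent", user_agent)
    query = "?" + "&".join(params) if params else ""
    lines = [f"GET {uri}{query} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    steps = decode_get_transform()
    print("\n".join(" ".join(s) for s in steps))
    print(build_request(steps))
```

The decoded chain is: constant Host: micrasoftedgeupdater.com, Connection: close and Accept: image/jpeg headers; metadata -> netbios -> base64 -> prepend "HSID=" -> Cookie header; and a constant contact=true query parameter. The Host header is hard-coded in the profile and does not match the 23.106.123.219 C2 address, so a GET /btn_bg.html?contact=true carrying that Host, the iPhone user agent listed above and a Cookie of the form HSID=<base64> is the network signature to hunt for.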
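The value the report labels state_machine is not a state machine: its first 162 bytes decode to a DER SubjectPublicKeyInfo holding the beacon's 1024-bit RSA public key (the base64 prefix MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ is the standard header of such a key), and the rest of the field is zero padding. Beacons generated by the same team server embed the same public key, so a fingerprint of it is a useful pivot between samples. The Python below is an added example, not part of the report or its parser; it parses the key with a minimal DER reader (no external library) and returns modulus size, public exponent and a SHA-256 fingerprint of the SubjectPublicKeyInfo.

```python
# Added example, not part of the sandbox report or of the parser behind it.
# STATE_MACHINE_B64 is the report's state_machine attribute minus its trailing zero padding.
import base64
import hashlib

# state_machine, first 162 bytes: a DER SubjectPublicKeyInfo (the rest is zero padding).
STATE_MACHINE_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADU"
    "WTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwB"
    "D2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQAB"
)
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1


def _tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low bits count the length bytes
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_spki(der: bytes) -> dict:
    """Modulus size, exponent and a pivotable fingerprint from a SubjectPublicKeyInfo."""
    tag, spki, end = _tlv(der, 0)                # outer SEQUENCE; 'end' excludes any padding
    if tag != 0x30:
        raise ValueError("expected SubjectPublicKeyInfo SEQUENCE")
    _, alg, pos = _tlv(spki, 0)                  # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = _tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    tag, bitstr, _ = _tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsakey, _ = _tlv(bitstr[1:], 0)           # skip the unused-bits byte; RSAPublicKey SEQUENCE
    _, n_bytes, pos = _tlv(rsakey, 0)            # INTEGER modulus (leading 0x00 keeps it positive)
    _, e_bytes, _ = _tlv(rsakey, pos)            # INTEGER public exponent
    return {
        "modulus_bits": int.from_bytes(n_bytes, "big").bit_length(),
        "exponent": int.from_bytes(e_bytes, "big"),
        "spki_sha256": hashlib.sha256(der[:end]).hexdigest(),   # same team server, same key
    }


def parse_beacon_pubkey() -> dict:
    return parse_rsa_spki(base64.b64decode(STATE_MACHINE_B64))


if __name__ == "__main__":
    print(parse_beacon_pubkey())
```

The result for this sample is a 1024-bit modulus with exponent 65537, the usual shape of a Cobalt Strike beacon key. The spki_sha256 value is what to record and search for across other beacon configs; two samples with the same fingerprint were produced by the same team server, whatever their C2 addresses or watermarks say.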

Targets

    • Target

      decoded-binary.bin

    Score
    1/10
