Ihopot2.dll

Target

Ihopot2.dll

Size

404KB

Sample

211214-vw9mgsgbe3

Score

10 ^/10

MD5

c681c785d6055a1d5a8fe74403c9dfe9

SHA1

50713534b62404d6f502a3efa129460fd7fb6927

SHA256

f9c4a119234df78e1ad71b10fb0bf18622fd5245b72b93e5b71992f20cb9fd2e

SHA512

bdd5135e3092c3a69340ef4790756d3fe1be933a83d3ab65c3b80d2aa2a134249d70ae67027605035b9e16e792d8a4930af73124ac0d8280674dd3d44f9a8e62

Extracted

Family	cobaltstrike
C2	http://bqtconsulting.com:443/image-directory/templates.mp3 http://bqtconsulting.com:443/image-directory/templates.mp3
Attributes	user_agent Host: bqtconsulting.com Connection: close Accept: image/jpeg Accept-Language: en-GB;q=0.9, *;q=0.7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

Extracted

Family	cobaltstrike
Botnet	305419776
C2	http://bqtconsulting.com:443/da.html http://bqtconsulting.com:443/da.html
Attributes	access_type 512 beacon_type 2048 host bqtconsulting.com,/da.html http_header1 AAAAEAAAABdIb3N0OiBicXRjb25zdWx0aW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAAgAAAADAAAAAgAAAAVIU0lEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= http_header2 AAAAEAAAABdIb3N0OiBicXRjb25zdWx0aW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAACwAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= http_method1 GET http_method2 POST jitter 11008 polling_time 57750 port_number 443 sc_process32 %windir%\syswow64\svchost.exe sc_process64 %windir%\sysnative\svchost.exe state_machine MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIb457MN0OxBGqjtu2Ps94Quqgo0FAOwvyWXZK225TmZ4JymCqXghrwYOcQgz1rXZeQkoOjEomrqjIEnpxYzaQfmCsBw7d95XXIlpznmf2Pma4kLzC6W8/zmW9NN6ojMS+dPMe3nzA5qrABXXCd2g/JGMYUb6fIp2oVLeQP83tVQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== unknown1 7.8457344e+07 unknown2 AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== uri /copyright user_agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246 watermark 305419776

Target

Ihopot2.dll

MD5

c681c785d6055a1d5a8fe74403c9dfe9

Filesize

404KB

Score

10^/10

SHA1

50713534b62404d6f502a3efa129460fd7fb6927

SHA256

f9c4a119234df78e1ad71b10fb0bf18622fd5245b72b93e5b71992f20cb9fd2e

SHA512

bdd5135e3092c3a69340ef4790756d3fe1be933a83d3ab65c3b80d2aa2a134249d70ae67027605035b9e16e792d8a4930af73124ac0d8280674dd3d44f9a8e62

Signatures

Cobaltstrike
Description

Detected malicious payload which is part of Cobaltstrike.
Tags

trojan backdoor cobaltstrike
Blocklisted process makes network request

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

cobaltstrike 305419776 backdoor trojan

10^/10

behavioral2

cobaltstrike 305419776 backdoor trojan

10^/10

Extracted

Extracted

Tags

Signatures

Cobaltstrike

Description

Tags

Blocklisted process makes network request

Related Tasks

static1

behavioral1

behavioral2