Overview

overview

10

Static

static

tmp/aaaaaa.exe

windows7_x64

10

tmp/aaaaaa.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp/aaaaaa.exe

  • Size

    281KB

  • Sample

    211215-jk7szaghg7

  • MD5

    36421fab22f3270267107d2a7e32aaba

  • SHA1

    a072b4173f0d973543ab569b6d9266863323b6e5

  • SHA256

    331a0a89638745b56514306e0a2eae542aecb4fb3a8220acd280e9c205dbff78

  • SHA512

    67da15df22dd24836ee35ccdf84d71cfb3f3af3a68e191aa2ff0dc0f6bf62d82d309d7ca801992e96c1da426d8575a11df64fe1c044845f839ca9ccd1f2f7a99

Score
10/10
cobaltstrike1359593325backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://81.69.33.253:8065/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • host

    81.69.33.253,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAVSG9zdDogYXBpcy5hbGl5dW4uY29tAAAABwAAAAAAAAADAAAAAgAAAA5zZXNzaW9uLXRva2VuPQAAAAIAAAAMc2tpbj1ub3NraW47AAAAAQAAACxjc20taGl0PXMtMjRLVTExQkI4MlJaU1lHSjNCREt8MTQxOTg5OTAxMjk5NgAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAFUhvc3Q6IGFwaXMuYWxpeXVuLmNvbQAAAAkAAAAKc3o9MTYweDYwMAAAAAkAAAARb2U9b2U9SVNPLTg4NTktMTsAAAAHAAAAAAAAAAUAAAACc24AAAAJAAAABnM9MzcxNwAAAAkAAAAiZGNfcmVmPWh0dHAlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    5000

  • port_number

    8065

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRsyWaf2BLhIC/WR1UrCDet1+BO7jNM47xgaOUd41zhsWulziUoNn2gzXj3UvK2qs/RlyKrj1v0FPSQCV79JgAa2i0r8LaZDAZPKi5xc0iuY4pFWOIMHGKFSXSg/5N2OUcXpPIdPQG/r0Za9726O9Y3Q2VhqgJ3k7GIzphLR9xgwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    1359593325

Targets

    • Target

      tmp/aaaaaa.exe

    • Size

      281KB

    • MD5

      36421fab22f3270267107d2a7e32aaba

    • SHA1

      a072b4173f0d973543ab569b6d9266863323b6e5

    • SHA256

      331a0a89638745b56514306e0a2eae542aecb4fb3a8220acd280e9c205dbff78

    • SHA512

      67da15df22dd24836ee35ccdf84d71cfb3f3af3a68e191aa2ff0dc0f6bf62d82d309d7ca801992e96c1da426d8575a11df64fe1c044845f839ca9ccd1f2f7a99

    Score
    10/10
    cobaltstrike1359593325backdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks