General

  • Target

    67b0000.dll

  • Size

    208KB

  • Sample

    220111-jkm4kafdam

  • MD5

    e999467bfc36d775dcad4207f56993f1

  • SHA1

    b7524bb1d488ed011f80342dbf83f941f5cb5650

  • SHA256

    d1c9a2298a195bd31a14e0c4a777bf045f5f0d2edbbfd2aa151db3d08c017b6f

  • SHA512

    ddbcd210e7b548cb2a2a2816fdc7a0efe1059a42be19a244903b2f764150a7ca7d90f55158be057e67f4db625c79c76f2ae0b7de58053accbaa32ee2b13b1eb6

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://midcitylanews.com:443/news/update/aaa

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    midcitylanews.com,/news/update/aaa

  • http_header1

    AAAACgAAABdDb250ZW50LVR5cGU6IHRleHQvaHRtbAAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAAB3YxLjU0NzIAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACFDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGEAAAAKAAAAF0NhY2hlLUNvbnRyb2w6IG5vLWNhY2hlAAAABwAAAAAAAAALAAAAAQAAAAUvLmpwZwAAAAwAAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    7680

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvg7ZMKuOy4b6zWQZu+OPtbyHRJvw2SFM1xPY8rgejFcFyo5c0JZTdjIsn1/P29ZHyiCMAuyxMFk9UWg3sWeZKknb1v6+NFQcMLyYjctXQuOnpEVJ17M2T+iOkUvMoBwBdWaNEPTDbJS8M+NIGXgkYR60ozQfEMWwIICwK89i+wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /form/sent/ppw

  • user_agent

    Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36

  • watermark

    1359593325

Targets

    • Target

      67b0000.dll

    • Size

      208KB

    • MD5

      e999467bfc36d775dcad4207f56993f1

    • SHA1

      b7524bb1d488ed011f80342dbf83f941f5cb5650

    • SHA256

      d1c9a2298a195bd31a14e0c4a777bf045f5f0d2edbbfd2aa151db3d08c017b6f

    • SHA512

      ddbcd210e7b548cb2a2a2816fdc7a0efe1059a42be19a244903b2f764150a7ca7d90f55158be057e67f4db625c79c76f2ae0b7de58053accbaa32ee2b13b1eb6

    Score
    3/10

MITRE ATT&CK Matrix

Tasks