General

  • Target

    dump.bin

  • Size

    256KB

  • Sample

    220113-xemgqscah2

  • MD5

    59485df65989f03f5db83d66ae2675ed

  • SHA1

    71676f2e3bba74fc422c470069ae4c326e68bfa0

  • SHA256

    bc241456138abd744752e035000a6f581d975e5af3c3b92e56f380a31c9e19a1

  • SHA512

    b5719ac113e54c549e97743f772208b31ff8c6859be78dd899e52f4d6829150201d98139789b385b52e012feb951c3acb3e517eb9578f85944069b7a27e17ce4

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

86281208

C2

http://69.49.229.88:443/MQEw

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    69.49.229.88,/MQEw

  • http_header1

    AAAACgAAACVVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJIC8xMC4wAAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVxdWVzdAAAAAcAAAAAAAAADwAAAA0AAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACVVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJIC8xMC4wAAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVxdWVzdAAAAAcAAAAAAAAABgAAAARFdGFnAAAABwAAAAEAAAAPAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    8960

  • polling_time

    45000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\svchost.exe

  • sc_process64

    %windir%\sysnative\svchost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGbP7Icq4IQIXkDR933AXP13+jzWO3NmXoZRRIF1ypnXlSt/sE1f/URw82z5tlblHu9dgfE8fYNvWh9isWHx5UXpBsB1e58MQXQHzRHOIdUUkDb0p7N45SBzL4hqOC2I79SLfBzsycA4JJ7XPt47vCVpbx1QtgVwv4CiHgIu61rwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    6.711296e+07

  • unknown2

    AAAABAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /ocsp4

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)

  • watermark

    86281208

Targets

    • Target

      dump.bin

    • Size

      256KB

    • MD5

      59485df65989f03f5db83d66ae2675ed

    • SHA1

      71676f2e3bba74fc422c470069ae4c326e68bfa0

    • SHA256

      bc241456138abd744752e035000a6f581d975e5af3c3b92e56f380a31c9e19a1

    • SHA512

      b5719ac113e54c549e97743f772208b31ff8c6859be78dd899e52f4d6829150201d98139789b385b52e012feb951c3acb3e517eb9578f85944069b7a27e17ce4

    Score
    1/10

MITRE ATT&CK Matrix

Tasks