Overview

overview

10

Static

static

10

df3a183cd3...8d.dll

windows7_x64

3

df3a183cd3...8d.dll

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df3a183cd356d14ca1dee36a0376de8ed7d8be2451e3e191caca004cbdba568d

  • Size

    4.0MB

  • Sample

    220122-alcvjsfaal

  • MD5

    3533c61681c33d5c17d8ff7a769e1592

  • SHA1

    56b85b40625ef09127b0af70a4d19a8fa4e0016c

  • SHA256

    df3a183cd356d14ca1dee36a0376de8ed7d8be2451e3e191caca004cbdba568d

  • SHA512

    830ead8268be865b25891e5e3a9a4384588325a5784ee987d55f72c9f0f67289b1f46b13705b880a76f08474cc781fd03e29c4fedbc6128886f0eea78b59dac0

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://86.106.131.207:443/visit.js

Attributes
  • beacon_type

    2048

  • host

    86.106.131.207,/visit.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    443

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPtLEgPCPVf0beGg/KsNhh0t3fDTVA2x3BI6Xzs7PVZ/9ru8mRtmCG8vF66GWoocxUwgv8NmnNwNMd0JP+1Wrn2QaSuzt86mNw4qhBv9IcOTlbSSTU1hVNPqhLuM64/97mjkor6OK8AR2/GBN6nefT6370Fx46kkuhdIUBXuru9wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

  • watermark

    0

Targets

    • Target

      df3a183cd356d14ca1dee36a0376de8ed7d8be2451e3e191caca004cbdba568d

    • Size

      4.0MB

    • MD5

      3533c61681c33d5c17d8ff7a769e1592

    • SHA1

      56b85b40625ef09127b0af70a4d19a8fa4e0016c

    • SHA256

      df3a183cd356d14ca1dee36a0376de8ed7d8be2451e3e191caca004cbdba568d

    • SHA512

      830ead8268be865b25891e5e3a9a4384588325a5784ee987d55f72c9f0f67289b1f46b13705b880a76f08474cc781fd03e29c4fedbc6128886f0eea78b59dac0

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks