Overview

overview

10

Static

static

10

dc9dbd7644...50.dll

windows7_x64

3

dc9dbd7644...50.dll

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50

  • Size

    192KB

  • Sample

    220122-ammq5sfafm

  • MD5

    f8b6f46bcac857995a022c83c36e69f3

  • SHA1

    450ee00fbeafc0c32a01e13efd82868f858f6efc

  • SHA256

    dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50

  • SHA512

    e39a8e82f4097fc2b26ca1fa6229f187642c2733c13c62d25729003e5563cd5a0e1854e12c3d8e17e43529349be978443b9aa25966ccf0adfd0f5cbab5397c9b

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://clients.testproseld.com:80/cx

http://info.testproseld.com:80/en_US/all.js

http://login.testproseld.com:80/j.ad

http://pic.testproseld.com:80/ptj
Attributes
  • beacon_type

    256

  • host

    clients.testproseld.com,/cx,info.testproseld.com,/en_US/all.js,login.testproseld.com,/j.ad,pic.testproseld.com,/ptj

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    80

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCR1Bx3K4z3UvrVePckU2cHSxuONkr2iCX8ACIc8DQXzAS4y05pKRaxxP2f5Wo0RjXFWsZZTZXKXl43imBFPD5UlLDxKSWaSvYwyDF+JacgHbYQ5W2nn0X4rS8zB7ntKNEy2WLDqPq6VcHoeYbcf3YGaki3VjHVWc5JF/XXDLxirQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

  • watermark

    0

Targets

    • Target

      dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50

    • Size

      192KB

    • MD5

      f8b6f46bcac857995a022c83c36e69f3

    • SHA1

      450ee00fbeafc0c32a01e13efd82868f858f6efc

    • SHA256

      dc9dbd7644f060d0aa2fe469a6bcafff7dbd5d696d782d153dcdd996f2999f50

    • SHA512

      e39a8e82f4097fc2b26ca1fa6229f187642c2733c13c62d25729003e5563cd5a0e1854e12c3d8e17e43529349be978443b9aa25966ccf0adfd0f5cbab5397c9b

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks