General

  • Target

    d0dd18fe48a4348c8ac59215f46923e9ebfc1373400c5ff881b3e2516f602216

  • Size

    192KB

  • Sample

    220122-atts2aehf7

  • MD5

    9a26caecb97f0d98d128202bc4670ea7

  • SHA1

    2b7343058813beb94719717437a0f1504dcad776

  • SHA256

    d0dd18fe48a4348c8ac59215f46923e9ebfc1373400c5ff881b3e2516f602216

  • SHA512

    c9db99771a71d613d0ef083679e68118c5c54cf81c436b251c3e325575e4c7ddd66e4846c173d68e8a750264508e7017dea4d45219186a669265b408cca50752

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://185.166.239.49:443/fwlink

Attributes
  • beacon_type

    2048

  • host

    185.166.239.49,/fwlink

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    443

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCURrAU5kem3Cjm4im4VO5l4QipYdrQvA01OdZev8fY3wJ57F7HDlqgHWUtemUWYlUC7JbzcaGzEFIp6KvFsGFMO3JM2eemqHQMU1zKFfI1eJnioRcEb3A8fHtZcxej/6vTxQ6R05ISLCBehEQFWJUsQydb+/d3YxShQGKNjJPxNwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0)

  • watermark

    0

Targets

    • Target

      d0dd18fe48a4348c8ac59215f46923e9ebfc1373400c5ff881b3e2516f602216

    Score
    3/10
