Overview

overview

10

Static

static

10

cbca9a92a6...6d.dll

windows7_x64

1

cbca9a92a6...6d.dll

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d

  • Size

    207KB

  • Sample

    220124-dxhfysbag7

  • MD5

    721254f41286717aa1cd9d7d652a9fa1

  • SHA1

    b48e7a639d2e51e2ae2efdebb0723fe1f8dd84e6

  • SHA256

    cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d

  • SHA512

    5aae8ff3790085e98ec5c20719f15b70b8e225c105ae0f284c0a3d89d6fbb4c93153c8286523ddc0dad371d6a1bc4544718017919a87af456f7376ed129337cb

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://summerevent.webhop.net:443/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC

Attributes
  • access_type

    512

  • beacon_type

    2048

  • crypto_scheme

    256

  • host

    summerevent.webhop.net,/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAABJVPXNSdjg1VUhpakJycldpSHoAAAACAAAACFBSRUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    3840

  • maxdns

    247

  • polling_time

    6600

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmFvK6fWzx+zTnQqAkZAQv6Eqwme1a80cwMNtrYEJShrKKbgpTy71w5Zd9u7EdBClno3HF9U4/9/tkBRw6PPPRa+W6bgpf97I3/Y0z36I5E/h+UP8h076IkzaWyPHbS1QMOiE6AXC3rCERjgirkn1LKUs+Q+zj0LeN8/QHEq/ZqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /safebrowsing/rd/r8l4jO3947jVxa5wBhEijGc0y77iX4oFy

  • user_agent

    Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

  • watermark

    0

Targets

    • Target

      cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d

    • Size

      207KB

    • MD5

      721254f41286717aa1cd9d7d652a9fa1

    • SHA1

      b48e7a639d2e51e2ae2efdebb0723fe1f8dd84e6

    • SHA256

      cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d

    • SHA512

      5aae8ff3790085e98ec5c20719f15b70b8e225c105ae0f284c0a3d89d6fbb4c93153c8286523ddc0dad371d6a1bc4544718017919a87af456f7376ed129337cb

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks