General

  • Target

    17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d

  • Size

    260KB

  • Sample

    220315-xmxmnsdber

  • MD5

    ca400e87cc280855402a65d4b7fbd3dc

  • SHA1

    2f8e409be5da2254863a68ecc39fba9bcade7fb1

  • SHA256

    17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d

  • SHA512

    607d86694eb608192308d6fd8c8d44ef64e733891fab56d77bc9d9d2df8fe7792354e05dd109465dbe5b3e6d477031ff5546b6a96bc165389ee1b38643d0cc82

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1873433027

  • C2

    http://103.73.97.119:443/updates

Attributes
  • access_type

    512

  • beacon_type

    2048

  • dns_idle

    67373064

  • host

    103.73.97.119,/updates

  • http_header1

    AAAABwAAAAAAAAALAAAAAgAAAAZkZWJ1Zz0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAA3BpZAAAAAcAAAABAAAAAwAAAAIAAAAaJnR5cGU9MiZpZD13aW4mdWk9UEMmZGF0YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • maxdns

    235

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcKS/9N/da0DTfieGSUwYvPbLYVW4E0T5EySJhN51Lp85zjd9tvqO/EMZJcsjmCWBc9boiP5tN+vbuiHuWLpH5IlvtXTg9eo3Z2lC18Gb14oRYMrL3OyX6edJ/dbbQx9vYGETlNfsur+5kDyXqTP7fBvNLz6TH11dn7bGN9Xk5wwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1481970944

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /debug/updcheck

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

  • watermark

    1873433027
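
The base64 fields above are the beacon's packed Malleable C2 transform programs (http_header1, http_header2, unknown2) and its RSA public key (state_machine). The Python below is an added example for this report, not Hatching Triage's or Cobalt Strike's own code: it decodes those blobs using the opcode numbering that community beacon-config parsers (Sentinel-One's CobaltStrikeParser, Didier Stevens' 1768.py) use, which is an assumption taken from those tools rather than something this page documents. It also converts dns_idle from the integer shown (67373064) to the IPv4 address it encodes, and shows the 16-bit byte swap under which beacon_type, access_type and jitter read as 8 (HTTPS), 2 and 10; that reading is an inference from the values, not a fact the report states. The blob strings are copied from the fields above.

```python
import base64
import ipaddress
import struct

# Opcode table for the packed Malleable C2 transform programs, as decoded by community
# beacon-config parsers (Sentinel-One CobaltStrikeParser, Didier Stevens' 1768.py).
# Assumption: reproduced from those tools; this report does not document it.
OPS_STRING = {1: "append", 2: "prepend", 5: "parameter", 6: "header",
              9: "parameter", 10: "header"}   # 9/10 = constant client params/headers
OPS_PLAIN = {3: "base64", 4: "print", 8: "netbios", 11: "netbiosu",
             12: "uri-append", 13: "base64url", 15: "mask"}
OP_END, OP_BUILD, OP_STRREP = 0, 7, 14        # strrep carries two strings
GET_BLOCKS = {0: "metadata", 1: "output"}     # BUILD id -> block being built (http-get)
POST_BLOCKS = {0: "id", 1: "output"}          # same for http-post

# Blobs copied verbatim from the report fields above.
HTTP_HEADER1 = "AAAABwAAAAAAAAALAAAAAgAAAAZkZWJ1Zz0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
HTTP_HEADER2 = "AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAA3BpZAAAAAcAAAABAAAAAwAAAAIAAAAaJnR5cGU9MiZpZD13aW4mdWk9UEMmZGF0YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
UNKNOWN2 = "AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
STATE_MACHINE = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcKS/9N/da0DTfieGSUwYvPbLYVW4E0T5EySJhN51Lp85zjd9tvqO/EMZJcsjmCWBc9boiP5tN+vbuiHuWLpH5IlvtXTg9eo3Z2lC18Gb14oRYMrL3OyX6edJ/dbbQx9vYGETlNfsur+5kDyXqTP7fBvNLz6TH11dn7bGN9Xk5wwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="


def _b64(s):
    """Lenient base64: the blobs are zero-padded, so only the prefix matters."""
    s = "".join(s.split()).rstrip("=")
    if len(s) % 4 == 1:                       # a lone trailing sextet cannot encode a byte
        s = s[:-1]
    return base64.b64decode(s + "=" * (-len(s) % 4))


class _Reader:
    """Big-endian cursor over a decoded blob."""
    def __init__(self, data):
        self.data, self.off = data, 0

    def u32(self):
        (v,) = struct.unpack_from(">I", self.data, self.off)
        self.off += 4
        return v

    def string(self):                         # uint32 length followed by raw bytes
        n = self.u32()
        v = self.data[self.off:self.off + n].decode("latin-1")
        self.off += n
        return v


def decode_transform(b64):
    """Decode a transform blob into (op, *args) tuples, stopping at opcode 0."""
    r, steps = _Reader(_b64(b64)), []
    while r.off + 4 <= len(r.data):
        op = r.u32()
        if op == OP_END:
            break
        if op == OP_BUILD:
            steps.append(("build", r.u32()))
        elif op == OP_STRREP:
            steps.append(("strrep", r.string(), r.string()))
        elif op in OPS_STRING:
            steps.append((OPS_STRING[op], r.string()))
        elif op in OPS_PLAIN:
            steps.append((OPS_PLAIN[op],))
        else:
            raise ValueError(f"unknown transform opcode {op} at offset {r.off - 4}")
    return steps


def render(steps, block_names):
    """Regroup steps into Malleable C2 style blocks; steps before any BUILD are the
    constant client headers/parameters."""
    blocks, cur = {"client": []}, "client"
    for st in steps:
        if st[0] == "build":
            cur = block_names.get(st[1], f"build{st[1]}")
            blocks[cur] = []
        else:
            blocks[cur].append(st[0] + "".join(f' "{a}"' for a in st[1:]) + ";")
    return {name: " ".join(body) for name, body in blocks.items() if body}


def dns_idle_ip(value):
    """dns_idle is a 4-byte IPv4 address that the report shows as a little-endian
    integer (67373064 == 0x04040808); reverse the byte order to recover it."""
    return str(ipaddress.IPv4Address(struct.pack("<I", value)))


# DER header of a 1024-bit RSA SubjectPublicKeyInfo, up to the modulus INTEGER body.
RSA1024_SPKI_PREFIX = bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100")


def public_key(b64):
    """The 'state_machine' blob is a zero-padded DER SubjectPublicKeyInfo, i.e. the
    beacon's RSA public key. Returns (PEM text, modulus bit length)."""
    der = _b64(b64).rstrip(b"\x00")
    if not der.startswith(RSA1024_SPKI_PREFIX) or len(der) != 162:
        raise ValueError("not a 1024-bit RSA SubjectPublicKeyInfo")
    modulus = int.from_bytes(der[29:157], "big")   # 128-byte INTEGER body; exponent follows
    text = base64.b64encode(der).decode()
    body = "\n".join(text[i:i + 64] for i in range(0, len(text), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n", modulus.bit_length()


BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP/DNS", 2: "SMB", 4: "TCP", 8: "HTTPS", 16: "Bind TCP"}


def swap16(value):
    """beacon_type 2048, access_type 512 and jitter 2560 read like 2-byte big-endian
    settings taken as little-endian; swapping gives 8 (HTTPS), 2 (use IE proxy
    settings) and 10 (% jitter). Inference from the values, not stated by the report."""
    return ((value & 0xFF) << 8) | ((value >> 8) & 0xFF)
```

Decoding the two header blobs gives the profile's http-get client block, metadata { netbiosu; prepend "debug="; header "Cookie"; }, and its http-post client block: four constant headers (Accept, Accept-Language, Accept-Encoding, Content-Type: application/x-www-form-urlencoded), id { netbios; parameter "pid"; } and output { base64; prepend "&type=2&id=win&ui=PC&data="; print; }. unknown2 decodes to print, base64, which is the shape of a server output block stored in the order the beacon undoes it. dns_idle comes out as 8.8.4.4, and state_machine is a 1024-bit RSA public key; the key, the watermark and the decoded profile are the stable pieces of this config worth pivoting on when clustering beacons from the same team server.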

Targets

    • Target

      17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d

    • Size

      260KB

    • MD5

      ca400e87cc280855402a65d4b7fbd3dc

    • SHA1

      2f8e409be5da2254863a68ecc39fba9bcade7fb1

    • SHA256

      17903e9f4bb4b5e8a37c23097125928987701aad72ce0a265128e314fc46b33d

    • SHA512

      607d86694eb608192308d6fd8c8d44ef64e733891fab56d77bc9d9d2df8fe7792354e05dd109465dbe5b3e6d477031ff5546b6a96bc165389ee1b38643d0cc82

    Score
    1/10
