21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797

General
Target: 21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
Size: 256KB
Sample: 220316-1mct2sfbej
Score: 10/10
MD5: 52329b668417a9ae57d4b2c05f28ea2e
SHA1: a41bd964423ceb0cdd01913c8324a17ad60a8ffc
SHA256: 21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
SHA512: 2f34095d7426780af20a7dcc3faee7551e899dd854500907abccb9ed46da9fdefb5f6d6b0a26c6de8843e30fca7f5ca24e1c3a3ebd812f56b7f1637d5f0a21cd

Malware Config

Extracted
Family: cobaltstrike
Botnet: 1
C2: http://124.70.1.140:80/match

Attributes
access_type: 512
host: 124.70.1.140,/match
http_header1:
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
polling_time: 60000
port_number: 80
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTLTYGbQgqToXcc+pq6gVw5nVCzsIWm01YbfUOhKeiWMOVSoC2mD4RhBvhabmgrLNKrrXFX2dpT/bvv793xbWxE9+CqwUZbKhRC3OwknVpMPR9WuugoBwtPvBSz1MR6DaM74bKF23xO/FdYuiHU+uXSJFyPDIrr/Vcz+uQwAu82wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /submit.php
user_agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
watermark: 1
Targets
Target: 21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
MD5: 52329b668417a9ae57d4b2c05f28ea2e
Filesize: 256KB
Score: 1/10
SHA1: a41bd964423ceb0cdd01913c8324a17ad60a8ffc
SHA256: 21275c90f94fa2db74a2dce04972a9b29c29a3cb4db625cd2858499947171797
SHA512: 2f34095d7426780af20a7dcc3faee7551e899dd854500907abccb9ed46da9fdefb5f6d6b0a26c6de8843e30fca7f5ca24e1c3a3ebd812f56b7f1637d5f0a21cd

Related Tasks

MITRE ATT&CK Matrix

Tasks
static1: 10/10
behavioral1: 1/10
behavioral2: 1/10