General

  • Target

    42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924

  • Size

    255KB

  • Sample

    220316-kpe47ahfgm

  • MD5

    a8a8e42db1fd4025b93e3af67091955a

  • SHA1

    b31bc86e37c01f6a4a2142782b352be790db9997

  • SHA256

    42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924

  • SHA512

    1586e68931f3d6a8185125e25c461ccae503a1d50d9bdad450b542f3f88a9c227593d346bbc9a0b8fcd0252755814c7a7548a3434761028ad3b71dafed90597a

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1359593325

  • C2

    http://178.128.233.247:80/pixel

Attributes

  • access_type

    512

  • host

    178.128.233.247,/pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCathlj7Yqm5Vk7laxbZj/jqWYePtZfdwgw/Vu7GUsxNcztIv48wV7xBubDozf4lhMn3NqtqS2p3a5hKWm9+w8iGA0898/vBcwLud+v3wihM1ifO7Tz5TcTPIgXF6vrxnsKXbpJ5wxThT0OhpGNVLIgLPlsPzFQH8ge4pFBIRFcbQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)

  • watermark

    1359593325

Targets

    • Target

      42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924

    • Size

      255KB

    • MD5

      a8a8e42db1fd4025b93e3af67091955a

    • SHA1

      b31bc86e37c01f6a4a2142782b352be790db9997

    • SHA256

      42cba18753fcbb3fb2b0c2965488962e1c7a472c031ade7ceae20e73a91b0924

    • SHA512

      1586e68931f3d6a8185125e25c461ccae503a1d50d9bdad450b542f3f88a9c227593d346bbc9a0b8fcd0252755814c7a7548a3434761028ad3b71dafed90597a

    • Score

      1/10
