General

  • Target

    3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081

  • Size

    208KB

  • Sample

    220316-mxaksacfg5

  • MD5

    999e5303e472c93e4c9167f1026554a0

  • SHA1

    aab1d63de76ed1ab198f85637e3ebb1232c4c9f2

  • SHA256

    3f4856258cd09269d1734e2ce59e65c3d78e1851ded21aaef8564d70d8faf081

  • SHA512

    df2d72d5e8b1f24e1a7d705fedb71b34ff04939a12b895db7a551594441f0fbe64c4acd0469e69b375159a47764f824050656dccb1465a7f8eae763be290d7ec

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1873433027

  • C2

    http://182.92.188.198:80/dot.gif

Attributes

  • access_type

    512

  • host

    182.92.188.198,/dot.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtlvCbO9iHyvSy+csCK/Zq7QXyTU3N89E/J2twc7CWmjjLzNi9Z6J2BPZmKUf0Adm5C9aC0wMZwQvOTnTcYFia9MxBOIl1KqpPccvzppj1L/Rd3MPiCLYVQX9SZjHXiYjvzzm70z3pMiywEg1zHNjTjGlKYUXiIIhAcVrkiX6KsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)

  • watermark

    1873433027

Targets

    Score
    1/10
