Overview

overview

10

Static

static

10

1d747d90f7...55.dll

windows7_x64

1

1d747d90f7...55.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655

  • Size

    255KB

  • Sample

    220316-qpj12aecb5

  • MD5

    96c460c1e0249642a8f2bee9cc2fd0b6

  • SHA1

    63c655a08c2c7ff9bf043ac8670564beaa0a7f1f

  • SHA256

    1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655

  • SHA512

    ca65906c29bb0a9324960ae1fd464cceb148414590b7ff5edef836fe92db2678ca51050a9db9af0a67277e4621e8157763c2a446854cbed39c17b16c2719eb23

Score
10/10
cobaltstrike1359593325

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://103.143.40.43:443/updates

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    103.143.40.43,/updates

  • http_header1

    AAAABwAAAAAAAAALAAAAAgAAAAV1c2VyPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHpIEDN6tkACIvuilbtbJCQ5IcGjzDii0smit3zjbjouDMteTGpYtyYdmjKGexmJwGpPTIDJEWqNq1raZCJAMRfrHUOeseRNJj6zvLrBZVVWkZ3sHSN301GkXP8sdFmQI83S903siTkAUOKLlQaPNzvSqIy4/jIFqLkk4ZMRxyfQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /aircanada/dark.php

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

  • watermark

    1359593325

Targets

    • Target

      1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655

    • Size

      255KB

    • MD5

      96c460c1e0249642a8f2bee9cc2fd0b6

    • SHA1

      63c655a08c2c7ff9bf043ac8670564beaa0a7f1f

    • SHA256

      1d747d90f7ed44098365728db8c1ded03f95d273172f1f1cff6e4b32737d7655

    • SHA512

      ca65906c29bb0a9324960ae1fd464cceb148414590b7ff5edef836fe92db2678ca51050a9db9af0a67277e4621e8157763c2a446854cbed39c17b16c2719eb23

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks