Overview

overview

10

Static

static

10

24e3e7ce46...03.dll

windows7_x64

1

24e3e7ce46...03.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24e3e7ce4615cae80c23640d388bce477a09dcb028bb6d329eebbed1f2ec6d03

  • Size

    255KB

  • Sample

    220317-a4xmnshfh2

  • MD5

    d416729ac91bacfd8bf50f2c73b2f911

  • SHA1

    4fe47612d1f1c3b224bf1a7310102480f678a018

  • SHA256

    24e3e7ce4615cae80c23640d388bce477a09dcb028bb6d329eebbed1f2ec6d03

  • SHA512

    442c889c72011abbcb26b7a5b1574185a76071a648732669f1a7b522dee40fcb6c88c4aade274cdac3984ecdec9de29997437b9c03c3512334425ff00bfa40fe

Score
10/10
cobaltstrike1359593325

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://5.181.156.210:443/c/msdownload/update/others/2016/12/29136388_

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    5.181.156.210,/c/msdownload/update/others/2016/12/29136388_

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAA0AAAABAAAABC5jYWIAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAgAAAB1kb3dubG9hZC53aW5kb3dzdXBkYXRlLmNvbS9jLwAAAAYAAAAESG9zdAAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    GET

  • jitter

    5120

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\arp.exe

  • sc_process64

    %windir%\sysnative\arp.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    1.610612736e+09

  • uri

    /c/msdownload/update/others/2016/12/3215234_

  • user_agent

    Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40

  • watermark

    1359593325

Targets

    • Target

      24e3e7ce4615cae80c23640d388bce477a09dcb028bb6d329eebbed1f2ec6d03

    • Size

      255KB

    • MD5

      d416729ac91bacfd8bf50f2c73b2f911

    • SHA1

      4fe47612d1f1c3b224bf1a7310102480f678a018

    • SHA256

      24e3e7ce4615cae80c23640d388bce477a09dcb028bb6d329eebbed1f2ec6d03

    • SHA512

      442c889c72011abbcb26b7a5b1574185a76071a648732669f1a7b522dee40fcb6c88c4aade274cdac3984ecdec9de29997437b9c03c3512334425ff00bfa40fe

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks