Overview

overview

10

Static

static

10

248e435714...e0.dll

windows7_x64

3

248e435714...e0.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0

  • Size

    208KB

  • Sample

    220317-xvrfmaefdl

  • MD5

    3332bce90a459be1450245619882ec2a

  • SHA1

    b2c528e42c4dd64ed71adc613ba55159dae1838c

  • SHA256

    248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0

  • SHA512

    c878521f502e9ee55465b713e39ec5b341172d828eec4bd75259f60f14eec42bd079f63facddd274cc3502958bd888a2134cc0a680931eca6d849255cfd9c073

Score
10/10
cobaltstrike1873433027

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://182.42.106.160:50011/j.ad

Attributes
  • access_type

    512

  • host

    182.42.106.160,/j.ad

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    50011

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0cXcAcOn5XSC6Cc6PCdSLlhANL21iXglF1dxJ/ElenYUTV1dEidqdllDaPRQjpx3KmUd6XAoNY+P0cOgwXqxBDLMQisEHJZQyWAUp77cVY7NsSZpkNzSknm5usksqRjGQoPZ9BDpFiEVYTBs6oWHE/mtc6zS1cyLGGk2yXt8icwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)

  • watermark

    1873433027

Targets

    • Target

      248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0

    • Size

      208KB

    • MD5

      3332bce90a459be1450245619882ec2a

    • SHA1

      b2c528e42c4dd64ed71adc613ba55159dae1838c

    • SHA256

      248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0

    • SHA512

      c878521f502e9ee55465b713e39ec5b341172d828eec4bd75259f60f14eec42bd079f63facddd274cc3502958bd888a2134cc0a680931eca6d849255cfd9c073

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks