Overview

overview

10

Static

static

10

23e2e7ed66...25.dll

windows7_x64

1

23e2e7ed66...25.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25

  • Size

    256KB

  • Sample

    220317-yamglsehcj

  • MD5

    dba3ac4ca6c6a943b97a2a702d0a723e

  • SHA1

    d13b2d52b14ddd1cfccb738135e4194ef87ccb64

  • SHA256

    23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25

  • SHA512

    406dd2b430b36458f7af7520d692744a62950857ee5fb0be6905f60ef1b6384ae1365d5d7557f95036cbf364abaf23afb0216f2f8cb6ce6a5b918d5454d2ef6c

Score
10/10
cobaltstrike1359593325

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://motivationalhindi.in:443/

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    motivationalhindi.in,/

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMTF4eGhhNm55dzA5eS5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTUwOTc4ODY2Ny4wNDgyODI4ODA3LjU5NTkzMzc1MDAuNzY3MzgxNjc2NS42NTY2Mjk2NzE2LjU7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD05NjIyNDY4NjQ3AAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQxMXh4aGE2bnl3MDl5LmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTQ1Nzk0NjMxMDAAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    970

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCU4Ej/+fRXXgiM8iqMXk/7EEinbIwxij/jzyInJQ4haz7k4G41C1+BI2TpaZASSkYRM9iPBzE6Estft99g/Vy/PTlz3hOW1CdtyMWzZB5Jnni46nhc95YDqTzsbnaoNCIjLbl1sQFr7fCmfKZ8deqUpeVhLpK5//ytPWxsGYp6hwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    7.382016e+08

  • unknown2

    AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /radio/xmlrpc/v35

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64)

  • watermark

    1359593325

Targets

    • Target

      23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25

    • Size

      256KB

    • MD5

      dba3ac4ca6c6a943b97a2a702d0a723e

    • SHA1

      d13b2d52b14ddd1cfccb738135e4194ef87ccb64

    • SHA256

      23e2e7ed66d44fb49f1ee87f211596b921fd415dbec7b10b9c47e1e40a155f25

    • SHA512

      406dd2b430b36458f7af7520d692744a62950857ee5fb0be6905f60ef1b6384ae1365d5d7557f95036cbf364abaf23afb0216f2f8cb6ce6a5b918d5454d2ef6c

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks