General

  • Target

    beacon.bin

  • Size

    203KB

  • Sample

    220401-xc174sbfhk

  • MD5

    c7a4ff6b89e267e81f68647c5f941895

  • SHA1

    ef949d895259c2d541ed7001d66c1151808bd46f

  • SHA256

    87a666af5422e0f30dc1ab9d137bc678b76a2a5610c34437f040419d494aef85

  • SHA512

    83c4db0741dc2caf46e5fb13dcb0c6073affd395d7826769dcdc769dfd65452f93ab98a2ddffe65de06a0a365804bf1a23119d87a5161f882f737a99b4a174a8

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://5.199.162.220:80/ki

Attributes
  • access_type

    512

  • host

    5.199.162.220,/ki

  • http_header1

    AAAAEAAAABlIb3N0OiBtaWtyb3NvZnR1cGRhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0LUVuY29kaW5nOiBicgAAAAoAAAAlQWNjZXB0LUxhbmd1YWdlOiBlbi1HQjtxPTAuOSwgKjtxPTAuNwAAAAcAAAAAAAAACAAAAAMAAAACAAAAA2x1PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABlIb3N0OiBtaWtyb3NvZnR1cGRhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAMAAAADAAAAAgAAAAZmbGFzaD0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    10496

  • polling_time

    64485

  • port_number

    80

  • sc_process32

    %windir%\syswow64\regsvr32.exe

  • sc_process64

    %windir%\sysnative\regsvr32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    6.1158912e+08

  • unknown2

    AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /us

  • user_agent

    Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202

  • watermark

    1359593325

Targets

    • Target

      beacon.bin

    • Size

      203KB

    • MD5

      c7a4ff6b89e267e81f68647c5f941895

    • SHA1

      ef949d895259c2d541ed7001d66c1151808bd46f

    • SHA256

      87a666af5422e0f30dc1ab9d137bc678b76a2a5610c34437f040419d494aef85

    • SHA512

      83c4db0741dc2caf46e5fb13dcb0c6073affd395d7826769dcdc769dfd65452f93ab98a2ddffe65de06a0a365804bf1a23119d87a5161f882f737a99b4a174a8

    Score
    1/10

MITRE ATT&CK Matrix

Tasks