Overview

overview

10

Static

static

10

beacon2.dll

windows10_x64

1

beacon2.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    beacon2.bin

  • Size

    203KB

  • Sample

    220401-xhj6safgb8

  • MD5

    52aba49d6cf0d44c1898f38edc2b788f

  • SHA1

    1fe0a1c75e915678dab97f9bdbd6e4943b053678

  • SHA256

    fdbd31b6a92285048459f3d392c85d1f680abddf230040d0298f67d1043a740a

  • SHA512

    8451f01c371e05cae876f6c691829166ea875094551b3eb011e14e2af9a6472a55480dc4ca5792bf281094812d22e22ce858531356366d1f600efea2213fe6d7

Score
10/10
cobaltstrike1359593325

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://185.8.105.112:80/eo.css

Attributes
  • access_type

    512

  • host

    185.8.105.112,/eo.css

  • http_header1

    AAAAEAAAABlIb3N0OiB1cGRhdGV2cG5jaXRyaXguY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAABwAAAAAAAAADAAAAAwAAAAIAAAA1d29yZHByZXNzX2xvZ2dlZF9pbl8xODcwYTgyOWQ5YmM2OWFiZjUwMGVjYTZmMDAyNDFmZT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABlIb3N0OiB1cGRhdGV2cG5jaXRyaXguY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAAgAAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9984

  • polling_time

    55973

  • port_number

    80

  • sc_process32

    %windir%\syswow64\WUAUCLT.exe

  • sc_process64

    %windir%\sysnative\WUAUCLT.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.13010816e+09

  • unknown2

    AAAABAAAAAIAAAbnAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /hr

  • user_agent

    Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

  • watermark

    1359593325

Targets

    • Target

      beacon2.bin

    • Size

      203KB

    • MD5

      52aba49d6cf0d44c1898f38edc2b788f

    • SHA1

      1fe0a1c75e915678dab97f9bdbd6e4943b053678

    • SHA256

      fdbd31b6a92285048459f3d392c85d1f680abddf230040d0298f67d1043a740a

    • SHA512

      8451f01c371e05cae876f6c691829166ea875094551b3eb011e14e2af9a6472a55480dc4ca5792bf281094812d22e22ce858531356366d1f600efea2213fe6d7

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks