General
-
Target
CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.zip
-
Size
161KB
-
Sample
220628-r943daabfm
-
MD5
fc96e31255110ad8ff65ac4f88ae8495
-
SHA1
b000d67909ef580aa24afe507c2a2d01075d268e
-
SHA256
61124a9608f4e4787cba0daa22a1e6efc65adbeea030547cfa8a797b95d8d509
-
SHA512
c2e42c82fbf7d47b6a1cd33513f1122ed43bb368b04ac2b70faf2f74313aab8757847a023285d9b2a62e100ac762e2169161e3cdc360533a1963518e6d677016
Static task
static1
Behavioral task
behavioral1
Sample
CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
cobaltstrike
305419896
http://192.168.126.129:80/IE9CompatViewList.xml
-
access_type
512
-
host
192.168.126.129,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCICSreunmVHdqYxD+i6BS5Eous03SQtGKUIeDQBLMKbLY53bewypd5ssdz0EubCVmzf/7bZHT7BYYh0ImtVN+HUtj0snkUbz8evYqWk20VZmo3LApCi5PJeGxmWu2Ho/Iga/ieMuOF6VmzAMB7FZQth60u2eJ+mavuRcWleUm2XQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
-
watermark
305419896
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.bin
-
Size
281KB
-
MD5
77f7c4bb2a66a5100bd34ad18f941fc3
-
SHA1
a7f1f18d1e527b3f86f4cd9121fbbb59ef0d494c
-
SHA256
932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84
-
SHA512
76a94a74cec1d7bfc7a34542342d75ed8d041b54634e6bd4346c8e15c955f640cfbfde969082a1eec8c95a6830665f413f3b5e0fbcc6afbadf437f72875c5916
Score: 10/10