General

  • Target

    CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.zip

  • Size

    161KB

  • Sample

    220628-r943daabfm

  • MD5

    fc96e31255110ad8ff65ac4f88ae8495

  • SHA1

    b000d67909ef580aa24afe507c2a2d01075d268e

  • SHA256

    61124a9608f4e4787cba0daa22a1e6efc65adbeea030547cfa8a797b95d8d509

  • SHA512

    c2e42c82fbf7d47b6a1cd33513f1122ed43bb368b04ac2b70faf2f74313aab8757847a023285d9b2a62e100ac762e2169161e3cdc360533a1963518e6d677016

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://192.168.126.129:80/IE9CompatViewList.xml

Attributes
  • access_type

    512

  • host

    192.168.126.129,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCICSreunmVHdqYxD+i6BS5Eous03SQtGKUIeDQBLMKbLY53bewypd5ssdz0EubCVmzf/7bZHT7BYYh0ImtVN+HUtj0snkUbz8evYqWk20VZmo3LApCi5PJeGxmWu2Ho/Iga/ieMuOF6VmzAMB7FZQth60u2eJ+mavuRcWleUm2XQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

  • watermark

    305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Targets

    • Target

      CobaltStrike_932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84.bin

    • Size

      281KB

    • MD5

      77f7c4bb2a66a5100bd34ad18f941fc3

    • SHA1

      a7f1f18d1e527b3f86f4cd9121fbbb59ef0d494c

    • SHA256

      932444ae5c42b3d7dd37022550573c3778245f342c11093e212e6578a67d1b84

    • SHA512

      76a94a74cec1d7bfc7a34542342d75ed8d041b54634e6bd4346c8e15c955f640cfbfde969082a1eec8c95a6830665f413f3b5e0fbcc6afbadf437f72875c5916

MITRE ATT&CK Matrix

Tasks