General

  • Target

    ab6bc092cb6d2cfbe2b1de77f5260b78b82496365ddf12200404990439c1796c

  • Size

    199KB

  • Sample

    220701-hhcdlsgdcm

  • MD5

    f9dcb2e2eb333cf8f042f7abbe7e45f3

  • SHA1

    73eed326ac894828c3064fb95f3ac2b6c0035004

  • SHA256

    ab6bc092cb6d2cfbe2b1de77f5260b78b82496365ddf12200404990439c1796c

  • SHA512

    7788dd72e29ace8e0db130ab4e987df99afc936767beb7bb67ef472ddf6a14767464edb36fa05381f0dc9011f8e196444674ad903ecf925105db5caf6a010826

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://85.143.220.138:8080/dpixel

Attributes
  • crypto_scheme

    256

  • host

    85.143.220.138,/dpixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChvz2oKTJ0/eJ7cFxHaHPhGqqNrEeTk0/ji502tl8m/Hm/oETz8CH0xSxpU5gyg+tG0FqOQY3WOvmPz61LGiGv4spGlz3Hxd8HXEnd3rk560YzaAPlbwB3bBjbPs1GCAYK5qkDOO7a1WhfdEMBDbtZeqY1JpMSSMovpUojps3qLwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)

  • watermark

    0
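
The http_header1/http_header2 blobs, the uri/host pair and the state_machine value above are the beacon's raw settings and read more easily once decoded. The block below is an added example written for this page; it is not tria.ge's extractor and not Cobalt Strike's own code. It decodes the two Malleable C2 client transform blobs using the step encoding documented by public beacon config parsers (4-byte big-endian step code, length-prefixed strings, code 7 = build selecting the metadata, id or output value, 0 = terminator), parses the state_machine value as the DER SubjectPublicKeyInfo it actually is (the beacon's RSA public key, with which it encrypts the session metadata it sends at check-in), and renders the GET and POST requests this beacon would emit to 85.143.220.138:8080. Decoded, the transforms are Cobalt Strike's stock profile (metadata { base64; header "Cookie"; }, id { parameter "id"; }, output { print; }), which together with the /dpixel and /submit.php URIs, the MSIE 9 user agent, the msagent_%x pipe name and watermark 0 (no licence ID embedded) marks this as an unmodified default build. Step codes beyond those present in this sample are taken from those parsers and labelled as assumptions in the code; the <metadata>, <session-id> and <task-output> placeholders are illustrative.

```python
import base64
import struct

# All values below are copied from the extracted config in this report; only the zero padding
# that trails each base64 blob has been trimmed.
HTTP_HEADER1 = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAA"
HTTP_HEADER2 = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVh"
                "bQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAA")
STATE_MACHINE = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChvz2oKTJ0/eJ7cFxHaHPhGqqN"
                 "rEeTk0/ji502tl8m/Hm/oETz8CH0xSxpU5gyg+tG0FqOQY3WOvmPz61LGiGv4spG"
                 "lz3Hxd8HXEnd3rk560YzaAPlbwB3bBjbPs1GCAYK5qkDOO7a1WhfdEMBDbtZeqY1"
                 "JpMSSMovpUojps3qLwIDAQAB")
C2_HOST, C2_PORT, GET_URI, POST_URI = "85.143.220.138", 8080, "/dpixel", "/submit.php"
USER_AGENT = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)"

# Step codes as documented by public beacon config parsers (assumption beyond 3, 4, 5, 6, 7, 10,
# which this sample exercises). Code 10 carries a header string here, so it is the client-level
# ("const") header statement; code 9 is assumed to be the matching client-level parameter.
STEP_NAMES = {1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter", 6: "header",
              8: "netbios", 9: "parameter", 10: "header", 11: "netbiosu", 12: "uri_append",
              13: "base64url", 15: "mask"}
STRING_STEPS, CONST_STEPS = {1, 2, 5, 6, 9, 10}, {9, 10}


def decode_transform(b64, kind):
    """Decode one transform blob into {'const': [...], 'blocks': {slot: [steps]}}."""
    data = base64.b64decode(b64)
    slots = {"get": ("metadata",), "post": ("id", "output")}[kind]  # what build 0/1 selects
    out, cur, off = {"const": [], "blocks": {}}, None, 0

    def u32():
        nonlocal off
        off += 4
        return struct.unpack_from(">I", data, off - 4)[0]

    def text():
        nonlocal off
        n = u32()
        off += n
        return data[off - n:off].decode("latin-1")

    while off + 4 <= len(data):
        step = u32()
        if step == 0:  # terminator
            break
        if step == 7:  # build: the steps that follow transform this slot's value
            cur = slots[u32()]
            out["blocks"][cur] = []
            continue
        name = STEP_NAMES[step]
        if step in STRING_STEPS:
            name = f'{name} "{text()}"'
        (out["const"] if step in CONST_STEPS else out["blocks"][cur]).append(name)
    return out


def placement(steps, payload):
    """Apply a block's steps to a placeholder payload and say where the result travels."""
    for step in steps:
        kind, _, name = step.partition(" ")
        name = name.strip('"')
        if kind == "header":
            return "headers", f"{name}: {payload}"
        if kind == "parameter":
            return "params", f"{name}={payload}"
        if kind == "print":
            return "body", payload
        payload = f"{step}({payload})"  # an encoder such as base64 wraps the value
    raise ValueError("block never places its payload")


def der_tlv(data, off):
    """Return (tag, value, next_offset) for one DER element, handling long-form lengths."""
    tag, length, off = data[off], data[off + 1], off + 2
    if length & 0x80:  # long form: low bits give the number of length bytes that follow
        n = length & 0x7F
        length, off = int.from_bytes(data[off:off + n], "big"), off + n
    return tag, data[off:off + length], off + length


def parse_beacon_pubkey(b64):
    """The state_machine value is a DER SubjectPublicKeyInfo; return (modulus bits, exponent)."""
    _, spki, _ = der_tlv(base64.b64decode(b64), 0)  # SEQUENCE { algorithm, BIT STRING }
    _, _alg, off = der_tlv(spki, 0)                 # AlgorithmIdentifier (rsaEncryption)
    _, bits, _ = der_tlv(spki, off)                 # BIT STRING; byte 0 = unused-bit count
    _, rsa, _ = der_tlv(bits, 1)                    # RSAPublicKey SEQUENCE { n, e }
    _, n, off = der_tlv(rsa, 0)
    _, e, _ = der_tlv(rsa, off)
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")


def request_templates():
    """Render the GET (check-in) and POST (task output) requests this beacon would send."""
    reqs = []
    for verb, uri, profile, payloads in (
        ("GET", GET_URI, decode_transform(HTTP_HEADER1, "get"), {"metadata": "<metadata>"}),
        ("POST", POST_URI, decode_transform(HTTP_HEADER2, "post"),
         {"id": "<session-id>", "output": "<task-output>"}),
    ):
        parts = {"headers": [f"Host: {C2_HOST}:{C2_PORT}", f"User-Agent: {USER_AGENT}"],
                 "params": [], "body": []}
        for const in profile["const"]:  # client-level header/parameter statements
            kind, _, arg = const.partition(" ")
            parts["headers" if kind == "header" else "params"].append(arg.strip('"'))
        for block, steps in profile["blocks"].items():
            dest, text = placement(steps, payloads[block])
            parts[dest].append(text)
        query = "?" + "&".join(parts["params"]) if parts["params"] else ""
        lines = [f"{verb} {uri}{query} HTTP/1.1", *parts["headers"], "", *parts["body"]]
        reqs.append("\n".join(lines).rstrip())
    return reqs
```

decode_transform works on any beacon transform blob of this encoding, not only the two above, so the same function serves the http_header* fields of other reports; parse_beacon_pubkey returns (1024, 65537) for this sample, the RSA-1024 key size every beacon config carries. The GET template is the check-in a proxy log would show (a /dpixel request with this user agent and a base64 Cookie to 85.143.220.138:8080, repeated on the 60000 ms polling_time), and the POST template is the /submit.php?id=... upload with an application/octet-stream body.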

Targets

    • Target

      ab6bc092cb6d2cfbe2b1de77f5260b78b82496365ddf12200404990439c1796c

    • Size

      199KB

    • MD5

      f9dcb2e2eb333cf8f042f7abbe7e45f3

    • SHA1

      73eed326ac894828c3064fb95f3ac2b6c0035004

    • SHA256

      ab6bc092cb6d2cfbe2b1de77f5260b78b82496365ddf12200404990439c1796c

    • SHA512

      7788dd72e29ace8e0db130ab4e987df99afc936767beb7bb67ef472ddf6a14767464edb36fa05381f0dc9011f8e196444674ad903ecf925105db5caf6a010826

    Score
    3/10
