Overview

overview

10

Static

static

10

3c0bf9bc0e...f1.dll

windows7_x64

3

3c0bf9bc0e...f1.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1

  • Size

    199KB

  • Sample

    220703-kqk2tsegb3

  • MD5

    4fe2b62d9b3ea999aef94d5cfc8158f1

  • SHA1

    eaa0e61560812a432287667e81eeb8070edfc830

  • SHA256

    3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1

  • SHA512

    47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://37.252.15.241:80/match

Attributes
  • crypto_scheme

    256

  • host

    37.252.15.241,/match

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmyW6bqevjWW6DZ6+3cuzxxXBe/IOO5SymlXvl9rws8PkzeMLyzwmJ2JccNm3Z1aOCMeOnht3A5gXbRI+GX7UyXWRxkliGOdBfRW7Oa0Q5CGAxmy2f1WzbbbvEA29nz+EfIlDFmr0h8dfyyrCnsrhjtLpEcGY9HeENppg1VNdLkwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)

  • watermark

    0

Targets

    • Target

      3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1

    • Size

      199KB

    • MD5

      4fe2b62d9b3ea999aef94d5cfc8158f1

    • SHA1

      eaa0e61560812a432287667e81eeb8070edfc830

    • SHA256

      3c0bf9bc0e966ddd5815b543b57d329a679d256b8604a03f4f0254dccc6f6ef1

    • SHA512

      47b1ddc2593100fbf5a039fb1a9337921cf4278eef0141af4071cd52bb2ae7da4212420d625a8a366b0e36aa0483ee8f95cf4af01fe4d66e01d69b1dbbdcc193

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks