General

  • Target

    88207855694a597b05d12fcbc41f8c8a82299ca5cd52db79d0e1a82c94cc18ea

  • Size

    652KB

  • Sample

    220704-jc8ejafcfr

  • MD5

    12b6899a26489399662c49bf242d97ef

  • SHA1

    ae4e7d92c0759bb1dc7ea6f513f48a960c42c175

  • SHA256

    88207855694a597b05d12fcbc41f8c8a82299ca5cd52db79d0e1a82c94cc18ea

  • SHA512

    651c9158b2b0c266b33b738296072e725d959f8d23e2e4853f0e8d3322d5578554c8542f0f5d84db93d07f25f2728c33f0119f27a5200c7d28fc0083fdffdbf8

Malware Config

Extracted

Family

cobaltstrike

Botnet

1234567890

C2

http://api.moyu.ac.cn:443/uuid/videos

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    api.moyu.ac.cn,/uuid/videos

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    7680

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ1WPvf7aELZRZokvaJDaka6uzBaOHqVo4/cw9TVy4I6ribK9Rz3F8HLxg3soB0AWatM9415OFOKXpT/xBh8HAb0UaU6MU9oz/aWODEi1kGWtpGVqLmTlNVvhhCskk1i3v8nphtx5pLJX2Rr3jRJ1QM5v5df7lGDE4DKnnnXMnXwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /uuid/video

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4301.0 Safari/537.36

  • watermark

    1234567890
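Several of the numeric attributes above look like byte-swapped Cobalt Strike settings rather than the beacon's real values: 2048 is 0x0800, 7680 is 0x1E00 and 4096 is 0x00001000, which are the little-endian misreads of the big-endian shorts/ints 8 (beacon type HTTPS, consistent with port 443), 30 (jitter percent) and 1048576 (the default maximum GET size). The script below is an added example written for this page, not the sandbox's extractor or Cobalt Strike's own code. It assumes the publicly documented settings layout (big-endian `[index][type][length][value]` records, type 1 short, 2 int, 3 bytes, with the index-to-name table given inline), builds a settings blob constructed to mirror the attribute values on this page (it is not carved from the sample), parses it both ways, and also checks that the base64 value labelled `state_machine` above is in fact a DER RSA SubjectPublicKeyInfo (the beacon's public key, padded with zeros to its fixed-size field). The `https` scheme in the rebuilt C2 URL follows from the HTTPS beacon type and is the editor's reading of the page's `http://...:443` line.

```python
"""Decode Cobalt Strike beacon settings and check the embedded RSA key.

Added example, not the sandbox extractor. Assumed format: big-endian
records [index:u16][type:u16][length:u16][value], type 1 = 2-byte short,
2 = 4-byte int, 3 = raw bytes; index names follow the public config layout.
"""
import base64
import struct

SHORT, INT, DATA = 1, 2, 3
NAMES = {1: "beacon_type", 2: "port", 3: "sleep_ms", 4: "max_get_size",
         5: "jitter_pct", 8: "c2_server", 9: "user_agent",
         10: "http_post_uri", 26: "http_get_verb", 27: "http_post_verb",
         29: "spawnto_x86", 30: "spawnto_x64", 37: "watermark"}
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP+DNS", 2: "SMB", 4: "TCP",
                8: "HTTPS", 16: "Bind TCP"}
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption


def encode(index, stype, value):
    """Build one big-endian settings record (only used to construct the sample)."""
    if stype == SHORT:
        payload = struct.pack(">H", value)
    elif stype == INT:
        payload = struct.pack(">I", value)
    else:
        payload = value.encode("latin-1")
    return struct.pack(">HHH", index, stype, len(payload)) + payload


def parse_settings(blob, value_order=">"):
    """Walk records until the all-zero terminator.

    Headers are always big-endian; value_order="<" deliberately reproduces a
    little-endian misread of numeric values (the editor's explanation for the
    2048 / 7680 / 4096 shown in the attribute table).
    """
    settings, pos = {}, 0
    while pos + 6 <= len(blob):
        index, stype, length = struct.unpack_from(">HHH", blob, pos)
        pos += 6
        if index == 0:
            break
        raw = blob[pos:pos + length]
        pos += length
        if stype == SHORT:
            value = struct.unpack(value_order + "H", raw)[0]
        elif stype == INT:
            value = struct.unpack(value_order + "I", raw)[0]
        else:
            value = raw.rstrip(b"\x00").decode("latin-1")
        settings[NAMES.get(index, f"setting_{index}")] = value
    return settings


def c2_url(settings):
    """Rebuild the GET URL from c2_server ('host,uri'), beacon type and port."""
    host, _, uri = settings["c2_server"].partition(",")
    scheme = "https" if settings["beacon_type"] == 8 else "http"
    return f"{scheme}://{host}:{settings['port']}{uri}"


def der_tlv(buf, pos):
    """Minimal DER tag/length reader: (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def rsa_public_key_bits(b64):
    """Verify a base64 blob is an rsaEncryption SubjectPublicKeyInfo; return modulus bits."""
    b64 = b64.rstrip("=")
    der = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    _, p, _ = der_tlv(der, 0)                    # SubjectPublicKeyInfo SEQUENCE
    tag, a_start, a_end = der_tlv(der, p)        # AlgorithmIdentifier SEQUENCE
    if tag != 0x30 or RSA_OID not in der[a_start:a_end]:
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    _, p, _ = der_tlv(der, a_end)                # BIT STRING holding RSAPublicKey
    _, p, _ = der_tlv(der, p + 1)                # skip unused-bits byte, enter SEQUENCE
    tag, m_start, m_end = der_tlv(der, p)        # INTEGER modulus
    if tag != 0x02:
        raise ValueError("modulus not found")
    return int.from_bytes(der[m_start:m_end], "big").bit_length()


# Constructed to mirror this page's attributes; assumed canonical values for
# beacon type (8 = HTTPS), jitter (30 %) and max GET size (1048576).
SAMPLE_CONFIG = b"".join([
    encode(1, SHORT, 8), encode(2, SHORT, 443), encode(3, INT, 5000),
    encode(4, INT, 1048576), encode(5, SHORT, 30),
    encode(8, DATA, "api.moyu.ac.cn,/uuid/videos"),
    encode(9, DATA, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                    "(KHTML, like Gecko) Chrome/88.0.4301.0 Safari/537.36"),
    encode(10, DATA, "/uuid/video"), encode(26, DATA, "GET"), encode(27, DATA, "POST"),
    encode(29, DATA, "%windir%\\syswow64\\gpupdate.exe"),
    encode(30, DATA, "%windir%\\sysnative\\gpupdate.exe"),
    encode(37, INT, 1234567890), b"\x00" * 6,    # zero record ends the settings
])

# The state_machine value from the page; the zero padding is written as 'A' * 126.
PAGE_PUBLIC_KEY = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ1WPvf7aELZRZokvaJDaka6uzBaOHqVo4/cw9"
                   "TVy4I6ribK9Rz3F8HLxg3soB0AWatM9415OFOKXpT/xBh8HAb0UaU6MU9oz/aWODEi1kGWtpGVqL"
                   "mTlNVvhhCskk1i3v8nphtx5pLJX2Rr3jRJ1QM5v5df7lGDE4DKnnnXMnXwIDAQAB" + "A" * 126 + "==")

if __name__ == "__main__":
    good = parse_settings(SAMPLE_CONFIG)
    swapped = parse_settings(SAMPLE_CONFIG, value_order="<")
    print(c2_url(good), BEACON_TYPES[good["beacon_type"]], f"jitter {good['jitter_pct']}%")
    print("misread values:", swapped["beacon_type"], swapped["jitter_pct"], swapped["max_get_size"])
    print("public key:", rsa_public_key_bits(PAGE_PUBLIC_KEY), "bit RSA")
```

Run it as-is: the big-endian parse yields `https://api.moyu.ac.cn:443/uuid/videos`, HTTPS, jitter 30 %; the little-endian misread yields exactly the 2048 / 7680 / 4096 seen in the table; and the key check reports a 1024-bit RSA modulus, which is what the `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ` prefix already implies. When a sandbox's numbers look implausible for a field (a beacon type that is not 0, 1, 2, 4, 8 or 16, a jitter over 100), test the byte-swap hypothesis before pivoting on them.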
