Overview

overview

10

Static

static

10

b63d83089e...da.dll

windows7_x64

3

b63d83089e...da.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da

  • Size

    206KB

  • Sample

    220707-17hwssgbd6

  • MD5

    43a245f94f479a1b5d6e6f3fa4c71e1a

  • SHA1

    5e0118c611d2907e0232e0549c33845a8251e9df

  • SHA256

    b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da

  • SHA512

    2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://159.75.31.97:80/match

Attributes
  • access_type

    512

  • host

    159.75.31.97,/match

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCosUQTWwQrV6HKIEj14MYkuYNSkz1TymcAP5fow2OYmGdLdKTelAbgX4VniirBO2U+erT635Tncdl7ou4Nvlh2vlAlXwBATglK7Lw+07KGrIH5smoeJt8sA2PUhZ5j1MF40A4yKHhfh+SGI+ZLqgYkuI+Mlp/Qvk8OAJ7cEH3lCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

  • watermark

    0

Targets

    • Target

      b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da

    • Size

      206KB

    • MD5

      43a245f94f479a1b5d6e6f3fa4c71e1a

    • SHA1

      5e0118c611d2907e0232e0549c33845a8251e9df

    • SHA256

      b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da

    • SHA512

      2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks