Overview

overview

10

Static

static

10

449ca98cae...59.dll

windows7_x64

3

449ca98cae...59.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259

  • Size

    206KB

  • Sample

    220707-xdytdafeak

  • MD5

    f796e457e5926408cffebacc4dde86f0

  • SHA1

    b2ea224436eb60d31cca905d505872b7453f5165

  • SHA256

    449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259

  • SHA512

    ac70385988ba758d6295c329adcee7129f5d680b6a8afb8c6022e59fa81a509ce42d421ce1cff9c1ef734c6e8baaf78078892b7cf92e90eea86c77f0e76d6c39

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://31.44.184.33:80/g.pixel

Attributes
  • access_type

    512

  • crypto_scheme

    256

  • host

    31.44.184.33,/g.pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqNlV6ioUpgYu3uNpULCQrWsyJgxv/ykq8da/pg0rzJnKtj3Z04xCn/FJGj0rQkVmmo0fRP0szpDbyGvsM9eXyW16lUnsfvPgybHAqD+lpVClhVZpt6UqwyxCZ3RP9GVBdSxlVIag33+Kc4QYMkY/NnwPJ2BcMyDfVGOUDWKMD2wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)

  • watermark

    0

Targets

    • Target

      449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259

    • Size

      206KB

    • MD5

      f796e457e5926408cffebacc4dde86f0

    • SHA1

      b2ea224436eb60d31cca905d505872b7453f5165

    • SHA256

      449ca98cae67e67b0a55b11fb2b0db43361bad128ccfa10c75e70e8e8baaf259

    • SHA512

      ac70385988ba758d6295c329adcee7129f5d680b6a8afb8c6022e59fa81a509ce42d421ce1cff9c1ef734c6e8baaf78078892b7cf92e90eea86c77f0e76d6c39

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks