General

  • Target

    42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd

  • Size

    202KB

  • Sample

    220708-az85xaagbn

  • MD5

    573d3bd76d7081d9d3157418c3ef93de

  • SHA1

    65d892e0b5c17cc5f61edd7ae8fa9b8cf6b8b2e1

  • SHA256

    42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd

  • SHA512

    9b895748f35abca711e5aa24637e06faf228ad8e67e0e964fb438f1007471c6b5bdf6b072d98d4ff071b5cd580a44798279e558fd5284822467bd51d45a55a7b

Score
10/10

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    0

  • C2

    http://188.166.165.121:4466/j.ad

Attributes

  • access_type

    512

  • create_remote_thread

    256

  • crypto_scheme

    256

  • host

    188.166.165.121,/j.ad

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    4466

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUH/WNn/6j6dXvguc9max1t3WmTc31pC23CvBLYfB5rto3DY1b4Afzi0QHgasdNmZJ35cdAvm5nOynqCVaWp9Zl5ItbBYRxOIOaFIPZV0cQTpLc9LH9RXmKuvvEXO+tXrRvJy7iQBpOtHOMYA7n2FLvlB5PapvQ7IH1QxKLN53AQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)

  • watermark

    0

Targets

    • Target

      42e912391dc39e96b94c9627a8d959c105e5d59498c715b35c5976aa43d722fd

    Score
    3/10
