General

  • Target

    4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354

  • Size

    731KB

  • Sample

    220712-lzk9madagn

  • MD5

    ae97823e4bcf5dff2c36746ae666b249

  • SHA1

    f5bfbc4978392f0fd595c4f45953902cea8ae8ec

  • SHA256

    4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354

  • SHA512

    ede2030672adc5bca446e50948127cc21b62ed70a7be1f09f60aadc60c8e86f60c432266a0d658edac0f76851a5eb4ec9c7ca2e03cdd3d81ed28e8d9fde40413

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://balalaikabrasss.com:443/Content

Attributes
  • access_type

    512

  • beacon_type

    2048

  • dns_idle

    2.778920455e+09

  • dns_sleep

    1.996488704e+09

  • host

    balalaikabrasss.com,/Content

  • http_header1

    AAAAEAAAABlIb3N0OiBiYWxhbGFpa2FicmFzc3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABNBY2NlcHQtRW5jb2Rpbmc6IGJyAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAFU1NJRD0AAAAGAAAABkNvb2tpZQAAAAkAAAAMbmV3bmFtZT10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAEAAAABlIb3N0OiBiYWxhbGFpa2FicmFzc3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAABmFncmVlPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • maxdns

    247

  • polling_time

    55063

  • port_number

    443

  • sc_process32

    %windir%\syswow64\runonce.exe

  • sc_process64

    %windir%\sysnative\runonce.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG1+V8zMTEc5v3K4FQCpQF3/J8/QqUI5g6L5lit9z+wNIeXn/Jn1fqEwGvHt0Hbf2u9Oluk3GeREfLWPfZQigPqwBC3a0rqBEdQg6dQNNlMGOl7AkUOdwohCmjlF+yP/a8sX0/dHPghUxB9jESaJsv2ZccXtr0HlIl/GM/tkGdewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.272630272e+09

  • unknown2

    AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /ms

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

  • watermark

    305419896

Targets

    • Target

      4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354

    • Size

      731KB

    • MD5

      ae97823e4bcf5dff2c36746ae666b249

    • SHA1

      f5bfbc4978392f0fd595c4f45953902cea8ae8ec

    • SHA256

      4b6ec41074a31da833e66fd7cb668b0225a5045a56bcf25fd6f73564c84e9354

    • SHA512

      ede2030672adc5bca446e50948127cc21b62ed70a7be1f09f60aadc60c8e86f60c432266a0d658edac0f76851a5eb4ec9c7ca2e03cdd3d81ed28e8d9fde40413

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks