General

  • Target

    57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76

  • Size

    255KB

  • Sample

    220724-vtp53acbe7

  • MD5

    8c90f4e68b516806faa0104270fe7513

  • SHA1

    9e329c096f90dbc479c8f2d581fcd7e761f3c6a2

  • SHA256

    57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76

  • SHA512

    778ad7fd3b1f2e74c5c09ccb31dd9f2e6f19b56816a9450003ca86a79db92b4897ad4b461745ee5acfa99697055fced3fa210666c4b2b6e05370a26f34a49912

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://c.virscan.xyz:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

  • access_type

    512

  • host

    c.virscan.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1


  • http_header2


  • http_method1

    GET

  • http_method2

    POST

  • jitter

    12800

  • polling_time

    15000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ7WqVmEJN5gRavgc4zEF2G8IObXw+bAGK5maCfugp1qxeadATwY9emd2E5gtGXzwcxo712CRjDQmnCe9jVY10h0KxhlPzFziR+XqTnFgYT2A9+t75VWeLc68HcMACxJrYH7QBkT3b0woODjXeXmJoGJT/wQ0eUUxTPwIVHyqRuwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/MS.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    1359593325

Targets

    • Target

      57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76

    • Size

      255KB

    • MD5

      8c90f4e68b516806faa0104270fe7513

    • SHA1

      9e329c096f90dbc479c8f2d581fcd7e761f3c6a2

    • SHA256

      57ef2c7b9d34f6ebe5673e97eefc0feeaac7d1bfc5e5c9c6016412dafbec1d76

    • SHA512

      778ad7fd3b1f2e74c5c09ccb31dd9f2e6f19b56816a9450003ca86a79db92b4897ad4b461745ee5acfa99697055fced3fa210666c4b2b6e05370a26f34a49912

    Score
    3/10

MITRE ATT&CK Matrix

Tasks