General
-
Target
JKOGBreMnomvmS.dll
-
Size
293KB
-
Sample
220808-x3fdbshaf5
-
MD5
05decc372f58871c8dfe738777934cbe
-
SHA1
0652b1bbda1343df3db7675ee71ef1ac6f43a331
-
SHA256
c569c168de91839e0c4eef3d0a1064f19d28d98387d2f92bd21c4271dddfee72
-
SHA512
2b965b8fb228dea16261988503c51e69e82381581a1677543297ca9c7cfd7bee723e5c044dea4e37d0aceed8929b38c5c07a6e6e649e25496a6f4e13ed29166f
Malware Config
Extracted
cobaltstrike
http://23.19.58.236:443/static-directory/ny.gif
-
user_agent
Host: google.co.in Connection: close Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
Extracted
cobaltstrike
1580103814
http://23.106.223.143:443/copyright
http://212.114.52.88:443/copyright
http://23.97.80.108:443/r_config
http://212.24.177.80:443/copyright
-
access_type
512
-
beacon_type
2048
-
host
23.106.223.143,/copyright,212.114.52.88,/copyright,23.97.80.108,/r_config,212.24.177.80,/copyright
-
http_header1
AAAAEAAAABJIb3N0OiBnb29nbGUuY28uaW4AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAABwAAAAAAAAANAAAAAwAAAAIAAAAFU1NJRD0AAAAGAAAABkNvb2tpZQAAAAkAAAAJeWVzPWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABJIb3N0OiBnb29nbGUuY28uaW4AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABlBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGJyAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAACHNldHRpbmc9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
3072
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiKrvWqtox8v9f4o17ojtKcMOfXS9T51wr/HkT2qrHjMMOFRrV7YYs61BBAvnNaGnJtVbKdZ6azRZNEsvlQgLV1ZI8rRsQRtf9qWXtBWYuLewTHMqQ1cYR3ytkyykkhHOIujHl+ns3Tl5LZXx108Z9ywqytG0LnrF3W3MkaCfyKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.43751424e+08
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/bn
-
user_agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
1580103814
Targets
-
-
Target
JKOGBreMnomvmS.dll
-
Size
293KB
-
MD5
05decc372f58871c8dfe738777934cbe
-
SHA1
0652b1bbda1343df3db7675ee71ef1ac6f43a331
-
SHA256
c569c168de91839e0c4eef3d0a1064f19d28d98387d2f92bd21c4271dddfee72
-
SHA512
2b965b8fb228dea16261988503c51e69e82381581a1677543297ca9c7cfd7bee723e5c044dea4e37d0aceed8929b38c5c07a6e6e649e25496a6f4e13ed29166f
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-