Resubmissions

  • 19-09-2022 14:34  220919-rxg23sdab5  10
  • 19-09-2022 14:30  220919-rvd8eaggaj  10

General

  • Target

    aasd

  • Size

    194KB

  • MD5

    d5bda808df861bbda7835e9cc88bf8f8

  • SHA1

    d8044382a5f1e3f855d1882e7d6447fc1111947e

  • SHA256

    702722319c2f771675257417051213d26a9709ef6dd1c867e093e6f407fcdfae

  • SHA512

    9a758e4bc523529f8264622d047a5ea6c2a69d01887db22c919f681e4c2a69b15e6f540076f1c99e386ef4985ac5047d284abb40c8a8a0b8c4b29d0ea0ca98d0

  • SSDEEP

    3072:BN3qRnrPNhO0Vm9AdbTPJls5JeuGsP32mF4WQx8x8AYjmY8yoZNBd0Y2Du5/ASQt:6RjtVuwT/s5J7zGdZC28yYH0KB7+

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://194.165.16.95:443/retire

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    194.165.16.95,/retire

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    10496

  • polling_time

    45

  • port_number

    443

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDHnqnVyc3cL05p/3tOUOe0XIw82q/kHXvIEw7vC8SVXOfbENCi/gidKO0Gyai02hiRW9e/bxfWyC4S4tytPul6+1KfVZLCt4i4zwY+aqiAHQA4QqjG2y9itnHgT0YfnjWhNer7uxOVt14tTkA62fi+fbZinxdlmSgHdux7MsFlQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4289407488

  • unknown2

    AAAABAAAAAIAAAFTAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /clean

  • user_agent

    Mozilla/5.0 (Linux; Android 11; SM-A025F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36

  • watermark

    426352781
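
The config fields above are enough to build both a detection and a pivot. The script below is an added example written for this page, not part of the sandbox report or of any Cobalt Strike tooling. It decodes the state_machine value and checks that it is a DER SubjectPublicKeyInfo for a 1024-bit RSA key (Cobalt Strike embeds the team server's public key in the beacon config and uses it to encrypt session metadata), hashes that key so beacons from the same team server can be clustered, and then matches the C2 host, port, GET/POST URIs and User-Agent against a few constructed proxy log lines. The log line format, and the pairing of http_method1 with the URI in `host` and http_method2 with `uri`, are assumptions.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Values copied from the extracted config above. Only the proxy log lines
# further down are constructed for this example.
CONFIG = {
    "c2": "http://194.165.16.95:443/retire",
    "host": "194.165.16.95,/retire",
    "uri": "/clean",
    "http_method1": "GET",
    "http_method2": "POST",
    "port_number": 443,
    "user_agent": ("Mozilla/5.0 (Linux; Android 11; SM-A025F) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36"),
    "state_machine": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDHnqnVyc3cL05p/3tOUOe0XIw82q/kHXvIEw7vC8SVXOfbENCi/gidKO0Gyai02hiRW9e/bxfWyC4S4tytPul6+1KfVZLCt4i4zwY+aqiAHQA4QqjG2y9itnHgT0YfnjWhNer7uxOVt14tTkA62fi+fbZinxdlmSgHdux7MsFlQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==",
}

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def der_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_pubkey(b64):
    """Parse the base64 SubjectPublicKeyInfo that the report labels state_machine."""
    s = re.sub(r"[^A-Za-z0-9+/]", "", b64)
    s = s[: len(s) - len(s) % 4]  # field is zero-padded after the DER, so dropping
    blob = base64.b64decode(s)    # a partial final group loses nothing
    tag, spki, end = der_tlv(blob, 0)            # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    der = blob[:end]                             # key bytes without the padding
    _, alg, p = der_tlv(spki, 0)                 # AlgorithmIdentifier SEQUENCE
    _, oid, _ = der_tlv(alg, 0)                  # OBJECT IDENTIFIER
    if oid != RSA_OID:
        raise ValueError("not rsaEncryption")
    _, bitstr, _ = der_tlv(spki, p)              # BIT STRING; byte 0 = unused bits
    _, rsa, _ = der_tlv(bitstr[1:], 0)           # RSAPublicKey SEQUENCE
    _, mod, q = der_tlv(rsa, 0)                  # INTEGER modulus
    _, exp, _ = der_tlv(rsa, q)                  # INTEGER publicExponent
    return {
        "modulus_bits": int.from_bytes(mod, "big").bit_length(),
        "exponent": int.from_bytes(exp, "big"),
        "spki_sha256": hashlib.sha256(der).hexdigest(),  # same key => same team server
    }


def c2_indicators(cfg):
    """Turn the config fields into a matchable indicator set (method/URI pairing
    follows the report's numbering; assumption)."""
    u = urlsplit(cfg["c2"])
    host, _, get_uri = cfg["host"].partition(",")
    return {
        "host": host,
        "port": u.port or cfg["port_number"],
        "uris": {(cfg["http_method1"], get_uri), (cfg["http_method2"], cfg["uri"])},
        "user_agent": cfg["user_agent"],
    }


# Constructed proxy log lines: "<ts> <src_ip> <method> <url> <status> <user_agent>".
LOGS = """\
2022-09-19T14:31:02Z 10.0.0.23 GET http://194.165.16.95:443/retire 200 Mozilla/5.0 (Linux; Android 11; SM-A025F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36
2022-09-19T14:31:47Z 10.0.0.23 POST http://194.165.16.95:443/clean 200 Mozilla/5.0 (Linux; Android 11; SM-A025F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36
2022-09-19T14:32:10Z 10.0.0.51 GET https://example.com/ 200 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
2022-09-19T14:33:05Z 10.0.0.77 GET http://194.165.16.95:443/favicon.ico 404 curl/7.85.0
"""


def scan_logs(log_text, ioc):
    """Return the lines that touch the C2, with the indicator types that matched."""
    hits = []
    for line in log_text.splitlines():
        ts, src, method, url, _status, ua = line.split(" ", 5)
        u = urlsplit(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        matched = set()
        if u.hostname == ioc["host"] and port == ioc["port"]:
            matched.add("host")
            if (method, u.path) in ioc["uris"]:
                matched.add("uri")
            if u.scheme == "http" and port == 443:
                matched.add("cleartext_http_on_443")  # this config beacons in plain HTTP to 443
        if ua == ioc["user_agent"]:
            matched.add("user_agent")
        if matched:
            hits.append({"ts": ts, "src": src, "method": method, "url": url, "matched": matched})
    return hits


if __name__ == "__main__":
    print(parse_pubkey(CONFIG["state_machine"]))
    for hit in scan_logs(LOGS, c2_indicators(CONFIG)):
        print(hit["ts"], hit["src"], hit["method"], hit["url"], sorted(hit["matched"]))
```

Two traits of this config deserve rules of their own, independent of the IP: the beacon speaks plain HTTP on port 443 (the C2 URL is http://…:443), and it presents an Android Chrome User-Agent while its spawn-to targets (sc_process32 and sc_process64) are Windows WerFault.exe paths, so a Windows workstation emitting that mobile User-Agent is itself an anomaly.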

Signatures

Files

  • aasd (.ps1)