General

  • Target

    calc.zip

  • Size

    107KB

  • Sample

    220930-m9mqwaddc5

  • MD5

    0ca6d5e453792bbf7d20831cbbdb8559

  • SHA1

    704978a9e904f23ebff12ceec6ee9206978cf57a

  • SHA256

    12d5db621bcd8ace97296834a9526fb6a4cfc50cc8b40584fd247d5f3c277eb1

  • SHA512

    0636e416e351ce45a0af816ab18f14e27555a479d1df3b7589aafba10588827c37321e8e61fab88835c8e0b4e41c021c6edefe41f896485bd1944b7f3940ee61

  • SSDEEP

    3072:wehUJ4A32sZdb8cKVWFRlNMYWfWsNPKU3F5Jm6U:1OJjZdIWFLWW8PZJm6U

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://192.168.1.20:443/ptj

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    192.168.1.20,/ptj

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

  • watermark

    305419896

Targets

    • Target

      calc.exe

    • Size

      204KB

    • MD5

      9590936149f3ad655e6c6e6e40ffd309

    • SHA1

      580c1ca3d1d22bfe3ebbf47de4e82465217f3230

    • SHA256

      39c19171dd55fa81f755f1aa3e431999ece285f50af34331e651a25952e2906e

    • SHA512

      b1eaf581df67fbac53fc0f1b2061737a15470b415c8e2d429405704a3b60d27cad41ca84020e7a40d43e21760aad542e1db431b7cd9c499c5b1bbb1bc1db314b

    • SSDEEP

      3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUc5Gy:FRYkcrY4MCIt07iPlvU0jy

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks