General

  • Target

    add.mp4a

  • Size

    205KB

  • MD5

    bd0cdb61dd6cfe6d8c4ad8c2581692fb

  • SHA1

    0c5ca90e4959f2814d5a924ccfb4674b9b0b9145

  • SHA256

    634e2ba9966bd48273c6c57f47f0d10a520b48d66f2ad6056dbca5fc6f4d40f0

  • SHA512

    291673da4355e440668cfc33716a22212bcab915841e4c245f6118dde279516324f7d158fea0c3ac293824106f7b22354a00489c5f02443e87857db9a52c1e70

  • SSDEEP

    6144:yV9g76osJUax6z0wtm0gdUtxBmB64N6Ki:bSx6zg09FD

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://194.165.16.64:80/risk.ico

Attributes
  • access_type

    512

  • host

    194.165.16.64,/risk.ico

  • http_header1

  • http_header2

    AAAAEAAAABFIb3N0OiBvbmVmaWxlLmljdQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADwAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    21248

  • polling_time

    39

  • port_number

    80

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOdMwUMnvAxRX/XyAYd426qe5j46neR6py15dx/DRabXukZC6y9EBvktE5c/8ZPIulFiBTC4ic7ttmeilAfy+gsuG+ythNTLN+qJ4bcjrB5WiSsqghmpv5aH4A1/V5M4w0poTqxlgp02pQNHVPRXlJk7AHDCZs6ccByZbPcuBsuQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.289407488e+09

  • unknown2

    AAAABAAAAAIAAAFTAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /target

  • user_agent

    Mozilla/5.0 (Linux; arm; Android 10; BMH-AN10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 YaBrowser/21.6.1.137.00 SA/3 Mobile Safari/537.36

  • watermark

    426352781

Signatures

Files

  • add.mp4a