General

  • Target

    cobaltstrike.payload-disk-3

  • Size

    208KB

  • MD5

    5484f02254b50fc5f84db8d8b7f117b5

  • SHA1

    4d9bccc261d27150f144876f897bcd82e6fb8be5

  • SHA256

    97326eda7b22a792e3fa3f0b21de7e9050b55e8f032a46fd2fbb56dfaf52767a

  • SHA512

    f63f1cbfa409833cd9129cfb35aff52ff3d85bbc622335c1f3c445f010aa3869e8976f5a46d91f3cf30131637f9fd4c19bf8f07dbd47f3c5694b83ba55a114ad

  • SSDEEP

    3072:Y+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUn7w6E:5HEbJAZwBqplpAX/Lmj2bE

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://metrotownhouse.com:443/fromdefault

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    metrotownhouse.com,/fromdefault

  • http_header1

    AAAACgAAABBIb3N0OiB3d3cucXEuY29tAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAcAAAAAAAAADwAAAAMAAAACAAAACmNtX2Nvb2tpZT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAABBIb3N0OiB3d3cucXEuY29tAAAACgAAAClBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvcGxhaW4sICovKgAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAKY21fY29va2llPQAAAAYAAAAGQ29va2llAAAABwAAAAEAAAAPAAAAAwAAAAIAAAAQeyJwYWdlIjowLCJ1aW4iOgAAAAEAAAAOLCJwYWdlU2l6ZSI6NH0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    7168

  • maxdns

    248

  • polling_time

    300

  • port_number

    443

  • sc_process32

    %windir%\syswow64\eventvwr.exe

  • sc_process64

    %windir%\sysnative\eventvwr.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe/BbluAuJiEM1dzUGJ2QqTti+BK9XBXGE5/MX1wd2aV0vFRiMpGKf6AH6h00ZI7IXE4FBrKqHIPThXVyZbhigRTu3NEiMeGzHz8to9YH+eYcXOzZrbVZOrgzFFUibc9XiapchkSiid5Bwj2LtJi/rq0XX1aFaMrTP5gTIafzoJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1001138688

  • unknown2

    AAAABAAAAAEAAACOAAAAAgAAAPUAAAADAAAACAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /app

  • user_agent

    Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

  • watermark

    0
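
The http_header1 and http_header2 values above are not HTTP headers but the beacon's malleable-C2 transform programs (the http-get and http-post client blocks of the profile), serialized as big-endian 32-bit opcodes with length-prefixed string arguments and base64-encoded by the extractor; state_machine is the beacon's DER-encoded RSA public key. The Python below is an added example, not code from the sandbox report or from Cobalt Strike: it decodes both programs, replays them on constructed metadata/id/output bytes with a fixed (constructed) mask key to show what the resulting GET and POST requests carry, and checks the key field. The opcode numbering is the one public config parsers use for this blob format; only the opcodes present in this sample are exercised.

```python
"""Decode the Cobalt Strike transform programs from http_header1 / http_header2
above, replay them on constructed data, and check the state_machine public key.
Added example; opcode table as used by public config parsers for this format."""
import base64
import struct

# Blobs copied from the extracted config above.
HTTP_HEADER1 = "AAAACgAAABBIb3N0OiB3d3cucXEuY29tAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAcAAAAAAAAADwAAAAMAAAACAAAACmNtX2Nvb2tpZT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
HTTP_HEADER2 = "AAAACgAAABBIb3N0OiB3d3cucXEuY29tAAAACgAAAClBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvcGxhaW4sICovKgAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAKY21fY29va2llPQAAAAYAAAAGQ29va2llAAAABwAAAAEAAAAPAAAAAwAAAAIAAAAQeyJwYWdlIjowLCJ1aW4iOgAAAAEAAAAOLCJwYWdlU2l6ZSI6NH0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
STATE_MACHINE = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe/BbluAuJiEM1dzUGJ2QqTti+BK9XBXGE5/MX1wd2aV0vFRiMpGKf6AH6h00ZI7IXE4FBrKqHIPThXVyZbhigRTu3NEiMeGzHz8to9YH+eYcXOzZrbVZOrgzFFUibc9XiapchkSiid5Bwj2LtJi/rq0XX1aFaMrTP5gTIafzoJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="

# opcode -> (name, number of u32-length-prefixed string arguments)
OPCODES = {
    1: ("append", 1), 2: ("prepend", 1), 3: ("base64", 0), 4: ("print", 0),
    5: ("parameter", 1), 6: ("header", 1), 7: ("build", 0), 8: ("netbios", 0),
    9: ("const_parameter", 1), 10: ("const_header", 1), 11: ("netbiosu", 0),
    12: ("uri_append", 0), 13: ("base64url", 0), 14: ("strrep", 2),
    15: ("mask", 0), 16: ("const_host_header", 1),
}

def decode_transform(b64: str, section: str) -> list:
    """Parse one blob into [(op, *args)]. 'build' carries a u32 selector
    (GET: 0 = metadata; POST: 0 = id, 1 = output); opcode 0 ends the program."""
    data = base64.b64decode(b64)
    pos, steps = 0, []
    while pos + 4 <= len(data):
        (opcode,) = struct.unpack_from(">I", data, pos)
        pos += 4
        if opcode == 0:                      # terminator; the rest is zero padding
            break
        name, nargs = OPCODES[opcode]
        if name == "build":
            (sel,) = struct.unpack_from(">I", data, pos)
            pos += 4
            steps.append((name, "metadata" if section == "get" else ("id", "output")[sel]))
            continue
        args = []
        for _ in range(nargs):
            (n,) = struct.unpack_from(">I", data, pos)
            pos += 4
            args.append(data[pos:pos + n].decode("latin-1"))
            pos += n
        steps.append((name, *args))
    return steps

def mask(data: bytes, key: bytes) -> bytes:
    """'mask' step: a 4-byte key followed by the data XORed with that key, repeating."""
    return key + bytes(b ^ key[i % 4] for i, b in enumerate(data))

def apply_transform(steps: list, blocks: dict, key: bytes = b"\x01\x02\x03\x04") -> dict:
    """Replay a decoded program on constructed input blocks ('metadata', 'id',
    'output') and report where each encoded value lands in the HTTP request.
    A real beacon draws the mask key at random; a fixed key keeps this reproducible."""
    req = {"headers": [], "params": [], "uri_suffix": "", "body": b""}
    cur = b""
    for name, *args in steps:
        if name == "build":              cur = blocks[args[0]]
        elif name == "mask":             cur = mask(cur, key)
        elif name == "base64":           cur = base64.b64encode(cur)
        elif name == "base64url":        cur = base64.urlsafe_b64encode(cur).rstrip(b"=")
        elif name == "netbios":          cur = bytes(c for b in cur for c in (0x61 + (b >> 4), 0x61 + (b & 15)))
        elif name == "netbiosu":         cur = bytes(c for b in cur for c in (0x41 + (b >> 4), 0x41 + (b & 15)))
        elif name == "prepend":          cur = args[0].encode() + cur
        elif name == "append":           cur = cur + args[0].encode()
        elif name == "strrep":           cur = cur.replace(args[0].encode(), args[1].encode())
        elif name == "header":           req["headers"].append(f"{args[0]}: {cur.decode()}")
        elif name == "parameter":        req["params"].append(f"{args[0]}={cur.decode()}")
        elif name == "const_header":     req["headers"].append(args[0])
        elif name == "const_parameter":  req["params"].append(args[0])
        elif name == "uri_append":       req["uri_suffix"] = cur.decode()
        elif name == "print":            req["body"] = cur
        else:
            raise NotImplementedError(name)   # not needed for this sample
    return req

def parse_rsa_spki(b64: str) -> tuple:
    """Return (modulus_bits, public_exponent) from a DER SubjectPublicKeyInfo;
    trailing zero padding after the structure is ignored."""
    data = base64.b64decode(b64)

    def tlv(buf, pos):                        # minimal DER tag/length/value reader
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        return tag, buf[pos:pos + length], pos + length

    tag, spki, _ = tlv(data, 0)               # SubjectPublicKeyInfo SEQUENCE
    assert tag == 0x30
    _, _alg, pos = tlv(spki, 0)               # AlgorithmIdentifier (rsaEncryption)
    tag, bitstr, _ = tlv(spki, pos)           # BIT STRING wrapping RSAPublicKey
    assert tag == 0x03
    _, rsakey, _ = tlv(bitstr[1:], 0)         # skip the unused-bits byte
    _, n_bytes, pos = tlv(rsakey, 0)
    _, e_bytes, _ = tlv(rsakey, pos)
    return int.from_bytes(n_bytes, "big").bit_length(), int.from_bytes(e_bytes, "big")

if __name__ == "__main__":
    get_steps = decode_transform(HTTP_HEADER1, "get")
    post_steps = decode_transform(HTTP_HEADER2, "post")
    for step in get_steps + post_steps:
        print(" ".join(step))
    # Constructed stand-ins; real metadata is RSA-encrypted session data.
    sample = {"metadata": b"\x00\x00\xbe\xef", "id": b"\x00\x00\x04\xd2", "output": b"hi"}
    print(apply_transform(get_steps, sample))
    print(apply_transform(post_steps, sample))
    print(parse_rsa_spki(STATE_MACHINE))
```

Decoded, the GET program sends four fixed headers (Host: www.qq.com, Accept, Accept-Language, Accept-Encoding) and puts the masked, base64-encoded metadata in `Cookie: cm_cookie=...`; the POST program reuses that cookie for the session id and wraps the masked, base64-encoded output in a JSON-looking body `{"page":0,"uin":<data>,"pageSize":4}`. The Host header (www.qq.com) does not match the C2 host the beacon connects to (metrotownhouse.com:443), which is a useful detection point on proxies that log both the connect/SNI target and the HTTP Host header. The key field parses as a 1024-bit RSA key with e = 65537, as expected for a beacon public key. One caveat on the numeric attributes: values such as beacon_type 2048 (0x0800), access_type 512 (0x0200) and jitter 7168 (0x1C00) look like 16-bit fields read in the wrong byte order (8 = HTTPS, 2, 28% jitter), which would also fit the port 443 listener; that is an inference from the numbers, not something the report states.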

Signatures

Files

  • cobaltstrike.payload-disk-3