General

  • Target: training
  • Size: 204KB
  • Sample: 221020-jxac8scge6
  • MD5: 25cd3ad7f60ce1ecb09b16556cbba2dc
  • SHA1: 84c71cf880b4907baf1f8916b2188d69f17de45a
  • SHA256: 56471e1ecf2833e7700784429e98f678ee96cde91516725fc40a536c58d5d228
  • SHA512: 5b7efe6af38ebb5cec07bbacb0b9fd24cfb3e0c397eb67fb9bbd3950044276ce6faf042ddccdc5628845b78054ab31264727f617c3dee230e835b5b63963fc82
  • SSDEEP: 6144:YAWvDMRXwNxHRpBn6za1QfZkZkE8Ju+aL:YAWvD6XwNxHRv6zaqfZkZk74+O

Score: 10/10

Malware Config

Extracted

  • Family: cobaltstrike
  • Botnet: 305419896
  • C2: http://39.103.189.229:8089/__utm.gif

Attributes

  • access_type: 512
  • host: 39.103.189.229,/__utm.gif
  • http_header1:
    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2:
    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1: GET
  • http_method2: POST
  • maxdns: 255
  • polling_time: 60000
  • port_number: 8089
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine:
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCejXBRuoPFmtFe+6WRLqyDz4K/WFXJH93gyCfL2olrlDG7DzjjAu8Eaq6obgDvneahzTW4wcNOLcxupAn8EnxFlCtXndFxyS3dfKUFyX0CUY3Q4CxNepe269VbDSCaBmZ1SJEn0HNrE1fSpTA8C+wVtiNayM6rrHDYQb9ztqXJvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1: 4096
  • unknown2:
    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri: /submit.php
  • user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  • watermark: 305419896

Targets

    • Target: training
    • Size: 204KB
    • MD5: 25cd3ad7f60ce1ecb09b16556cbba2dc
    • SHA1: 84c71cf880b4907baf1f8916b2188d69f17de45a
    • SHA256: 56471e1ecf2833e7700784429e98f678ee96cde91516725fc40a536c58d5d228
    • SHA512: 5b7efe6af38ebb5cec07bbacb0b9fd24cfb3e0c397eb67fb9bbd3950044276ce6faf042ddccdc5628845b78054ab31264727f617c3dee230e835b5b63963fc82
    • SSDEEP: 6144:YAWvDMRXwNxHRpBn6za1QfZkZkE8Ju+aL:YAWvD6XwNxHRv6zaqfZkZk74+O

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1

Tasks