General

  • Target

    1284-61-0x0000000033C70000-0x0000000033CED000-memory.dmp

  • Size

    500KB

  • MD5

    78168bf66937419fa709d0942179bd5e

  • SHA1

    80ee5daa0e2d83c19e84e49cba8de7dbbc39a0ce

  • SHA256

    f977c61bb0fb6c899e4bccd1af7ae68aa8b4bd43cbe99fa810943f35c733771a

  • SHA512

    e1942abf1135930a0979ee6da1b51050b1d3c3caab5b3663f10fd4e286052fbe860c42ac8355ae4664eb8f5bf471c4165d2de00127d456765591f9111c121678

  • SSDEEP

    3072:hOCSnbAsnYagGvxFlFUj2GV503dnWLC75oCRj4Uo98:/w/YZGJzOqGb03dL7CGj

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://1.15.67.80:443/admin/login

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    1.15.67.80,/admin/login

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAnUmVmZXJlcjogaHR0cHM6Ly93d3cuYmp0LmJlaWppbmcuZ292LmNuAAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAnUmVmZXJlcjogaHR0cHM6Ly93d3cuYmp0LmJlaWppbmcuZ292LmNuAAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTUlJ7J79z/MkkV8+MsYlOvREE2hhdGNzrKPFZ10lY0K5legA+um5JxESEaC0woDgSmOGrkh1giz/aQwd6tG4mihFgpi0oIbfwu6XZbE6ghYGyu2F7+A5TifRUzvU0YLXjK78EW12XhjHx4KopMF/AtOAueGwfiI2DmXwNzrBDvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.82554112e+09

  • unknown2

    AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /admin/user

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

  • watermark

    305419896

Signatures

Files

  • 1284-61-0x0000000033C70000-0x0000000033CED000-memory.dmp