General

  • Target

    3084-136-0x000001F6A1C80000-0x000001F6A20F2000-memory.dmp

  • Size

    4.4MB

  • MD5

    7108832f374bc23149d62d987fd279ec

  • SHA1

    cb74e513e45fe076aa93f59258ef84034c3b9f81

  • SHA256

    e09e3e60743a24dc407517f1c8cd0b55928e2ea7e3698f89c80464379ddbb8ea

  • SHA512

    e001d12cffd397c3719b10440f2cb85a89dc005e0f9e43e62e1d189256b47cc9dd8a0e3651ba9c7595d56153d2b1108959f200349829a1e6bf11cc0f2b410c35

  • SSDEEP

    3072:lKYVN9dY26x4HmidL7RB6H5+JOR6+dlTm/ba7aRfE3+JtD90zhaaCAgMmYJFZF8M:lKYlHRJWH5+A/TMa2By+jD90zhvmTq

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://check.update.fia-gov.org:53/jquery-3.3.1.min.js

http://lms.update.fia-gov.org:53/jquery-3.3.1.min.js

http://scan.update.fia-gov.org:53/jquery-3.3.1.min.js

Attributes
  • access_type

    512

  • beacon_type

    256 (0x0100; not a defined beacon type value, the defined ones being 0 HTTP, 1 hybrid HTTP/DNS, 2 SMB, 4 TCP, 8 HTTPS, 16 bind TCP)

  • dns_idle

    1908702538 (0x71C47D4A)

  • host

    check.update.fia-gov.org,/jquery-3.3.1.min.js,lms.update.fia-gov.org,/jquery-3.3.1.min.js,scan.update.fia-gov.org,/jquery-3.3.1.min.js

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472 (0x2500; jitter is a percentage of the sleep time and must be 0-99, so this value as extracted is not trustworthy)

  • maxdns

    255

  • polling_time

    45000

  • port_number

    53

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnOM3nXx+7HBhkbDd+AwFrFisSunK999w2tM0uTpuuEiBalcJhcL+QgQWtf6S7zPp5hjImG+2YcPl18geU4f5JlSPXHwilbK4DFb/ePWyKFjhrA7emVRqhM21QMlo1ANsn14rY/RO2pzuft8P7TXoIjjI/B2GGVuzYNZX6X4I2EwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
    (base64 of a DER SubjectPublicKeyInfo: the beacon's 1024-bit RSA public key with exponent 65537, zero-padded to the 256-byte config field; "state_machine" is the extractor's label for this field)

  • unknown1

    4234810624 (0xFC6A1500)

  • watermark

    0
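
Normalising the attributes above into something an analyst can act on, as an added example that is not part of this report and not any sandbox's own extractor. REPORT is a constructed copy of the values printed above; the field widths, beacon type table and access type table are the standard beacon config semantics, not something the report states. The code rebuilds the C2 host/URI pairs from the flat host field, parses the state_machine value as a DER SubjectPublicKeyInfo, and range-checks the integer fields. Three of them (jitter 9472, beacon_type 256, access_type 512) are outside their valid values; read with the opposite byte order they become 37, 1 (hybrid HTTP/DNS, which fits C2 on port 53) and 2, and dns_idle flips from 113.196.125.74 to 74.125.196.113. That "swapped" reading is this example's inference, so the code reports both readings and lists the suspect fields rather than silently trusting either.

```python
# Added example: normalise the beacon attributes extracted above. REPORT is a
# constructed copy of the report's values, not the sandbox's own data structure.
import base64
import hashlib
import ipaddress
import struct

# Key as the report prints it: 162 bytes of DER, then the zero padding of the
# beacon's 256-byte public-key config field (126 'A' characters and "==").
PUBKEY_B64 = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnOM3nXx+7HBhkbDd+AwFrFisSunK999w2"
              "tM0uTpuuEiBalcJhcL+QgQWtf6S7zPp5hjImG+2YcPl18geU4f5JlSPXHwilbK4DFb/ePWyK"
              "FjhrA7emVRqhM21QMlo1ANsn14rY/RO2pzuft8P7TXoIjjI/B2GGVuzYNZX6X4I2EwIDAQAB"
              + "A" * 126 + "==")

REPORT = {
    "access_type": 512, "beacon_type": 256, "dns_idle": 1908702538,
    "host": ("check.update.fia-gov.org,/jquery-3.3.1.min.js,"
             "lms.update.fia-gov.org,/jquery-3.3.1.min.js,"
             "scan.update.fia-gov.org,/jquery-3.3.1.min.js"),
    "http_method1": "GET", "http_method2": "POST", "jitter": 9472, "maxdns": 255,
    "polling_time": 45000, "port_number": 53,
    "sc_process32": r"%windir%\syswow64\dllhost.exe",
    "sc_process64": r"%windir%\sysnative\dllhost.exe",
    "state_machine": PUBKEY_B64, "unknown1": 4234810624, "watermark": 0,
}

# Standard beacon config semantics: values are stored big-endian, 2 or 4 bytes wide.
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP/DNS", 2: "SMB", 4: "TCP", 8: "HTTPS", 16: "Bind TCP"}
ACCESS_TYPES = {1: "direct connection", 2: "IE proxy settings", 4: "explicit proxy"}
FIELD_WIDTH = {"access_type": 2, "beacon_type": 2, "jitter": 2, "maxdns": 2,
               "port_number": 2, "dns_idle": 4, "polling_time": 4, "watermark": 4}
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def c2_pairs(host_field):
    """'host' is a flat comma-joined list: host, uri, host, uri, ..."""
    parts = host_field.split(",")
    if len(parts) % 2:
        raise ValueError("host field does not pair up")
    return list(zip(parts[0::2], parts[1::2]))


def c2_urls(attrs, scheme="http"):
    """Rebuild the C2 URLs the report lists from host, uri and port_number."""
    return [f"{scheme}://{h}:{attrs['port_number']}{u}" for h, u in c2_pairs(attrs["host"])]


def byteswap(value, width):
    """Re-read a width-byte integer with the opposite byte order."""
    fmt = {2: "H", 4: "I"}[width]
    return struct.unpack("<" + fmt, struct.pack(">" + fmt, value))[0]


def ipv4(value):
    return str(ipaddress.IPv4Address(value))


def plausible(field, value):
    """Range checks from the documented meaning of each field."""
    checks = {"jitter": lambda v: 0 <= v <= 99,            # percent of sleep time
              "beacon_type": lambda v: v in BEACON_TYPES,
              "access_type": lambda v: v in ACCESS_TYPES,
              "port_number": lambda v: 1 <= v <= 65535,
              "polling_time": lambda v: v > 0}             # milliseconds
    return checks.get(field, lambda v: True)(value)


def byte_order_findings(attrs):
    """Fields outside their valid range, with the other byte-order reading."""
    return {f: {"as_read": attrs[f], "swapped": byteswap(attrs[f], w)}
            for f, w in FIELD_WIDTH.items() if not plausible(f, attrs[f])}


def _der_tlv(buf, pos=0):
    """One DER tag/length/value; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_public_key(b64):
    """Parse the state_machine value as a DER SubjectPublicKeyInfo holding an RSA key."""
    raw = base64.b64decode(b64)
    tag, spki, end = _der_tlv(raw)                         # trailing zero padding is ignored
    _, alg, pos = _der_tlv(spki)
    _, oid, _ = _der_tlv(alg)
    bit_tag, bits, _ = _der_tlv(spki, pos)
    if tag != 0x30 or oid != RSA_OID or bit_tag != 0x03:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    _, rsa, _ = _der_tlv(bits, 1)                          # skip the unused-bits byte
    _, n, pos = _der_tlv(rsa)
    _, e, _ = _der_tlv(rsa, pos)
    return {"modulus_bits": int.from_bytes(n, "big").bit_length(),
            "exponent": int.from_bytes(e, "big"),
            # Same modulus across samples means the same team server.
            "modulus_sha256": hashlib.sha256(n.lstrip(b"\x00")).hexdigest(),
            "der_bytes": end, "field_bytes": len(raw)}


def summarise(attrs):
    """Analyst view: as-read values, out-of-range fields replaced by the swapped reading."""
    swapped = byte_order_findings(attrs)
    best = lambda f: swapped[f]["swapped"] if f in swapped else attrs[f]
    return {"c2": c2_urls(attrs),
            "beacon_type": BEACON_TYPES.get(best("beacon_type"), "unknown"),
            "access_type": ACCESS_TYPES.get(best("access_type"), "unknown"),
            "sleep_seconds": attrs["polling_time"] / 1000,
            "jitter_percent": best("jitter"),
            "dns_idle": {"as_read": ipv4(attrs["dns_idle"]),
                         "swapped": ipv4(byteswap(attrs["dns_idle"], 4))},
            "spawn_to": (attrs["sc_process32"], attrs["sc_process64"]),
            "public_key": rsa_public_key(attrs["state_machine"]),
            "byte_order_suspect": sorted(swapped)}


if __name__ == "__main__":
    import json
    print(json.dumps(summarise(REPORT), indent=2))
```

The modulus hash is the useful pivot: two dumps whose state_machine fields decode to the same RSA modulus were generated by the same team server, whatever their C2 hostnames. The byte-swapped values are presented as a second reading only; the fix for the report itself is to re-run the extractor, not to overwrite the fields.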

Signatures

Files

  • 3084-136-0x000001F6A1C80000-0x000001F6A20F2000-memory.dmp