cobaltstrike | 1260-138-0x0000000001130000-0x0000000001171000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1260-138-0x0000000001130000-0x0000000001171000-memory.dmp
Size

260KB
MD5

033b7743d9105de62b2fd96446fde660
SHA1

8b2e8b0b9390bd75c4bc05bf969f2a014f6da273
SHA256

17a9614bbe1e12cd030cbd78bf4de1abce7231dacc5ddc13371c1460ad49ce8d
SHA512

15f52d300dc564eb977844ca19bff2b213c06f7b1c692e1d6eca0d5ecca9a5ec2269de5849c6275f56e248ba375f9ecec538a8ecf5bb78ad6959ec53ac74400f
SSDEEP

3072:eLWfpVXfSRGAJMEKoGqGxnkz59VqePdiltuHNUm/jI7K3rj5jxUgaCTnTPBS:eLmfLoMEwm9V1Ijyz87K7djOKl

Score

10^/10

987654321 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

987654321

http://adobetmcdn.net:443/ru_RU/index.html

Attributes

access_type
512
beacon_type
2048
host
adobetmcdn.net,/ru_RU/index.html
http_header1
AAAACgAAAGhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKixxPTAuOAAAAAoAAAA1Q29va2llOiBBS0FfQTI9MixmZWRzX3Zpc2l0b3JfaWQ9TkY1ZnpJdEFGUEN0aHZEZXJCbnIAAAAQAAAAD0hvc3Q6IGFkb2JlLmNvbQAAAAcAAAAAAAAADQAAAAUAAAAFdG9rZW4AAAAJAAAAJ2NhbGxiYWNrPWh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbQAAAAkAAAAUQWRvYmVJRD01ODI0NjEzNDU1ODcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAAA9Ib3N0OiBhZG9iZS5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAACBTZXNzaW9uLUlEOiBORjVmekl0QUZQQ3RodkRlckJucgAAAAoAAAA1Q29va2llOiBBS0FfQTI9MixmZWRzX3Zpc2l0b3JfaWQ9TkY1ZnpJdEFGUEN0aHZEZXJCbnIAAAAHAAAAAQAAAA0AAAAFAAAABmNsaWVudAAAAAkAAAAcc2Vzc2lvbj1ORjVmekl0QUZQQ3RodkRlckJucgAAAAcAAAAAAAAADQAAAAUAAAAIYWRvYmVfcnUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5120
polling_time
30000
port_number
443
sc_process32
%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe
sc_process64
%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZfHjdKD5x9PAQQe86OYXZZP+tsW180IjC/8kTi280xoIqHSydy2kBlPCr9BoBMy8kMsNGCRQekpR9dLPRMKODrT2qafCIRo0b+lgQPkJEcfOgy+R/JPPZOV3LydEMF0xfkwZ1tbrZfSWYGVVk0/WrusT6xEvqIndRcNEknVN5JQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8192
unknown2
AAAABAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/rest/v2/batchmbox
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
987654321

Signatures

Cobaltstrike family
cobaltstrike

Files

1260-138-0x0000000001130000-0x0000000001171000-memory.dmp