Overview

overview

10

Static

static

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1972-55-0x00000000008E0000-0x000000000091E000-memory.dmp

  • Size

    248KB

  • MD5

    02154a062308235fb525399595265b1a

  • SHA1

    0a014518f60df3919532d9e5432a04df6b236923

  • SHA256

    19c9e6f7206d1997c975c86f7360b3513754a4142a70caf1748aad8174a8be19

  • SHA512

    33843c85460887ac114330308df27fcb128cfb01e85c22a454f72e0ae2a77b8066c6d5f974d18fe6eef8fdc2d13c8dcc76b0dcd4e70d48259d6aea29231c1d3c

  • SSDEEP

    3072:0hXHTYkghrvkifGIGiwRmmeVsMg3MnPxAV70PIhHiqJjlUAUjxl:SXKhTkSMmdVsMg3MPxXPIJhjVU

Score
10/10
1670873463cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

1670873463

C2

http://20.104.209.69:8082/broadcast

Attributes
  • access_type

    512

  • host

    20.104.209.69,/broadcast

  • http_header1

    AAAACgAAAClBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvcGxhaW4sICovKgAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeT3JpZ2luOiBodHRwczovL3d3dy5hbWF6b24uY29tAAAACgAAAB9SZWZlcmVyOiBodHRwczovL3d3dy5hbWF6b24uY29tAAAACgAAABVTZWMtRmV0Y2gtRGVzdDogZW1wdHkAAAAKAAAAFFNlYy1GZXRjaC1Nb2RlOiBjb3JzAAAACgAAABpTZWMtRmV0Y2gtU2l0ZTogY3Jvc3Mtc2l0ZQAAAAoAAAAMVGU6IHRyYWlsZXJzAAAABwAAAAAAAAADAAAABgAAABB4LWFtem4tUmVxdWVzdElkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeT3JpZ2luOiBodHRwczovL3d3dy5hbWF6b24uY29tAAAABwAAAAEAAAANAAAAAgAAAPR7ImV2ZW50cyI6W3siZGF0YSI6eyJzY2hlbWFJZCI6ImNzYS5WaWRlb0ludGVyYWN0aW9ucy4xIiwiYXBwbGljYXRpb24iOiJSZXRhaWw6UHJvZDosInJlcXVlc3RJZCI6Ik1CRlY4MlRUUVYySk5CS0pKNTBCIiwidGl0bGUiOiJBbWF6b24uY29tLiBTcGVuZCBsZXNzLiBTbWlsZSBtb3JlLiIsInN1YlBhZ2VUeXBlIjoiZGVza3RvcCIsInNlc3Npb24iOnsiaWQiOiIxMzMtOTkwNTA1NS0yNjc3MjY2In0sInZpZGVvIjp7ImlkIjoiAAAAAQAAAAIiCgAAAAEAAAB1InBsYXllck1vZGUiOiJJTkxJTkUiLCJ2aWRlb1JlcXVlc3RJZCI6Ik1CRlY4MlRUUVYySk5CS0pKNTBCIiwiaXNBdWRpb09uIjoiZmFsc2UiLCJwbGF5ZXIiOiJJVlMiLCJldmVudCI6Ik5PTkUifX19fV19AAAABAAAAAcAAAAAAAAADQAAAAYAAAAJeC1hbXotcmlkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    6912

  • polling_time

    38500

  • port_number

    8082

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIKKxbE/gYqcmA3obzMDfhdAHMTL1eLmrARoMnP2OGFghH+v65VbWWE6pv024MpWwey4ICv51fNberxtoCWn3cbk6zXUIWYf6QMnJolWac+i3e1gDSQ69OK842RJVW4zNa6c9SpkQqFwueyopGg3A2YV0VunOa8HHB90XGkdNQ9QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    9.28716032e+08

  • unknown2

    AAAABAAAAAEAAAUcAAAAAQAAAAEAAAACAAAAwgAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /1/events/com.amazon.csm.csa.prod

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

  • watermark

    1670873463

Signatures

Files

  • 1972-55-0x00000000008E0000-0x000000000091E000-memory.dmp