General

  • Target

    964-55-0x00000000003A0000-0x00000000003DE000-memory.dmp

  • Size

    248KB

  • MD5

    f0135035dbb4711b6aceaf14547feedb

  • SHA1

    dbc0b72962f81bea05a6ef3627477ed5520d2a77

  • SHA256

    9613cdeaf70658a6bb6a9aa1349865f9dddc6299aa3b9a3c18b1521185537f70

  • SHA512

    5ee69495f389c15558c5eea2f639c59a1bc152bda7aafc063f12f141b856d9cbeeb5bdd1f45c1d05359d284a9a87414a3a44cddcf4b5b46fae5e01d56f130b09

  • SSDEEP

    3072:8NRhDv48A1rTM6gONGIG6M53y+wEbILHN8os7HUHERf5jFUoUvV/l:ORha1vMJOl4i+wEbMHNps4HERhjlU

Malware Config

Extracted

Family

cobaltstrike

Botnet

1670873463

C2

http://20.104.209.69:8082/broadcast

Attributes

  • access_type

    512

  • host

    20.104.209.69,/broadcast

  • http_header1

    AAAACgAAAClBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvcGxhaW4sICovKgAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeT3JpZ2luOiBodHRwczovL3d3dy5hbWF6b24uY29tAAAACgAAAB9SZWZlcmVyOiBodHRwczovL3d3dy5hbWF6b24uY29tAAAACgAAABVTZWMtRmV0Y2gtRGVzdDogZW1wdHkAAAAKAAAAFFNlYy1GZXRjaC1Nb2RlOiBjb3JzAAAACgAAABpTZWMtRmV0Y2gtU2l0ZTogY3Jvc3Mtc2l0ZQAAAAoAAAAMVGU6IHRyYWlsZXJzAAAABwAAAAAAAAADAAAABgAAABB4LWFtem4tUmVxdWVzdElkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    6912

  • polling_time

    38500

  • port_number

    8082

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIKKxbE/gYqcmA3obzMDfhdAHMTL1eLmrARoMnP2OGFghH+v65VbWWE6pv024MpWwey4ICv51fNberxtoCWn3cbk6zXUIWYf6QMnJolWac+i3e1gDSQ69OK842RJVW4zNa6c9SpkQqFwueyopGg3A2YV0VunOa8HHB90XGkdNQ9QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    9.28716032e+08

  • unknown2

    AAAABAAAAAEAAAUcAAAAAQAAAAEAAAACAAAAwgAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /1/events/com.amazon.csm.csa.prod

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

  • watermark

    1670873463

Signatures

Files

  • 964-55-0x00000000003A0000-0x00000000003DE000-memory.dmp