Resubmissions

20-07-2023 02:57

230720-dfp5gach9v 10

31-01-2023 07:41

230131-jjcanshb9x 10

General

  • Target

    悬赏1w收到这组苹果代码的联系我 .exe

  • Size

    2.7MB

  • Sample

    230131-jjcanshb9x

  • MD5

    4b3ccee2b42858c38612853cb5550acf

  • SHA1

    19d1707b393b214d5aaf4e1bc66d12c1b16955be

  • SHA256

    71bf6619ee3fccd8197a973907809f6df347304d4d848f6aa7cfdf80968c0c42

  • SHA512

    42289cb63620f14102d801bfcb42942d1d86a1d4723925b20fde9ad8f481dabb19606751bf56f4dfbc78ec93b86ab6c8fb2183d92242470d2edec17995eaf6a5

  • SSDEEP

    49152:UG5S4ao5/nJMPmOr0vJV+N2b3wyHDOk4kJtWEJaE02GQrnbboG1/XHELm9Do:UGWcfJMVoL7TwCyvE02Bh1/3EuD

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://101.43.16.149:80/admin/login

Attributes
  • access_type

    512

  • host

    101.43.16.149,/admin/login

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAnUmVmZXJlcjogaHR0cHM6Ly93d3cuYmp0LmJlaWppbmcuZ292LmNuAAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAnUmVmZXJlcjogaHR0cHM6Ly93d3cuYmp0LmJlaWppbmcuZ292LmNuAAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    5000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTUlJ7J79z/MkkV8+MsYlOvREE2hhdGNzrKPFZ10lY0K5legA+um5JxESEaC0woDgSmOGrkh1giz/aQwd6tG4mihFgpi0oIbfwu6XZbE6ghYGyu2F7+A5TifRUzvU0YLXjK78EW12XhjHx4KopMF/AtOAueGwfiI2DmXwNzrBDvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.82554112e+09

  • unknown2

    AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /admin/user

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

  • watermark

    305419896

Targets

    • Target

      悬赏1w收到这组苹果代码的联系我 .exe

    • Size

      2.7MB

    • MD5

      4b3ccee2b42858c38612853cb5550acf

    • SHA1

      19d1707b393b214d5aaf4e1bc66d12c1b16955be

    • SHA256

      71bf6619ee3fccd8197a973907809f6df347304d4d848f6aa7cfdf80968c0c42

    • SHA512

      42289cb63620f14102d801bfcb42942d1d86a1d4723925b20fde9ad8f481dabb19606751bf56f4dfbc78ec93b86ab6c8fb2183d92242470d2edec17995eaf6a5

    • SSDEEP

      49152:UG5S4ao5/nJMPmOr0vJV+N2b3wyHDOk4kJtWEJaE02GQrnbboG1/XHELm9Do:UGWcfJMVoL7TwCyvE02Bh1/3EuD

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      5.5MB

    • MD5

      f51e459f397ee21ccadaf44640cb1ded

    • SHA1

      f1d95643c6f082f0e5e0dd0dfd5aad18ec94ec66

    • SHA256

      f84cd77c121b59786df806797b43c0400677322155f4598007d3834fdb867dd5

    • SHA512

      168ee6428e1e4e65e632fc1b8f53cbb597fde3a50c0b9996e87dd51af46210e8c156014ad9b49ad575ba64ce10842cb33132c31a36ff32a6e5a71307705cad9f

    • SSDEEP

      49152:8+3YJagp17Yrb/TovO90dL3BmAFd4A64nsfJ0DYeq+aSZ+EIPVQdxLtevJ1ZfqQ7:8+WhExwJS6EvJ1gvk/XYGEhD

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks