General
-
Target
2023-02-23-DLL-for-Cobalt-Strike.bin.exe
-
Size
270KB
-
Sample
230227-vddgbsed9s
-
MD5
f797ff18e5508da7ed1732b11d800298
-
SHA1
c140b7365e85234eb7eed3c5e048cba40553c8e4
-
SHA256
8518d86b514edfb1ff301d6526e4fbbc0d65aec52442dc108e0797a34c334879
-
SHA512
3f203621883e4206cbdb17d1088a314215df343820fa81b63bceb952e182b7a11e497fa7c6a3cb62a5f6fdeb02f47186e2744a274a47127172b16a55c0b10b55
-
SSDEEP
6144:cUyU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2AyIk5UnrKM:cURp/OjHv4Kk1jNwauNe1wOTv2AUUr
Malware Config
Extracted
cobaltstrike
674054486
http://aspnetcenter.com:80/da.html
-
access_type
512
-
host
aspnetcenter.com,/da.html
-
http_header1
AAAAEAAAABZIb3N0OiBhc3BuZXRjZW50ZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAABwAAAAAAAAANAAAAAwAAAAIAAAArd29yZHByZXNzX2VkMWY2MTdiYmQ2YzAwNGNjMDllMDQ2ZjNjMWI3MTQ4PQAAAAYAAAAGQ29va2llAAAACQAAAAtjbG9zZT1mYWxzZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABZIb3N0OiBhc3BuZXRjZW50ZXIuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAPAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
61087
-
port_number
80
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaOo5rF6Su5XwDYKaa12zhYBHbNfY0tiYLq5ie1hnYJXdJdX2YuRSZweHXUPVDRZwvMUrqwkU7gtWHicG4INfV98YVyMrLdhmHZUBi/YOdcZWHZtHLvFD/NW9lLjMwM01/EKLSqFT1/E5dI9JtxxJQfr6PCkxheOSphMCxmlr4xQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.44480256e+08
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mobile-ipad-home
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
674054486
Targets
-
-
Target
2023-02-23-DLL-for-Cobalt-Strike.bin.exe
-
Size
270KB
-
MD5
f797ff18e5508da7ed1732b11d800298
-
SHA1
c140b7365e85234eb7eed3c5e048cba40553c8e4
-
SHA256
8518d86b514edfb1ff301d6526e4fbbc0d65aec52442dc108e0797a34c334879
-
SHA512
3f203621883e4206cbdb17d1088a314215df343820fa81b63bceb952e182b7a11e497fa7c6a3cb62a5f6fdeb02f47186e2744a274a47127172b16a55c0b10b55
-
SSDEEP
6144:cUyU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2AyIk5UnrKM:cURp/OjHv4Kk1jNwauNe1wOTv2AUUr
Score1/10 -