General

  • Target: 1.txt
  • Size: 260KB
  • Sample: 230316-c68h3aah6t
  • MD5: f9a471926b2dcbaadb1786ff779928b7
  • SHA1: 6d9ac46890c9f89dc3a8163df28f495654c847bd
  • SHA256: c6aeacf7b22a271df13afd336a073af80f601c3ae937a6fb8178700201c9a281
  • SHA512: 3ef700ecd458cc929196597747cad0cfeb7f9f97a92e7dba54a6a93f546d3301a627f53f7a2d5961bff9da5dc93050712ed388bc3b733ba8ebec394f2e5fc04e
  • SSDEEP: 6144:oJqVG5d1IpCyibgkTZI6jHID90amBXoH/:o3d6Levox2BXO

Score: 10/10

Malware Config

Extracted

  • Family: cobaltstrike
  • Botnet: 99999
  • C2: http://139.224.31.216:443/auth/data

Attributes

  • access_type: 512
  • beacon_type: 2048
  • host: 139.224.31.216,/auth/data
  • http_header1:
    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2:
    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1: GET
  • http_method2: POST
  • jitter: 5120
  • polling_time: 10000
  • port_number: 443
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine:
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl6B9KHJBh5wWNcLL2R+Nhku9DaNu1GWr9gEkTlJ4mqsbIskd9p3Ty+RBFRlUQsuiS1ZkeJIrMZbwKkDh+tX2jqSgaE/lf2Y6sHZ97koeK318W42qjUEWjcXdhwkRPbUUoPqSJG7+4Ib1x7xJBJ/unLbEZ3Xry2FJ7+25SAJQDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1: 1.481970944e+09
  • unknown2:
    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri: /auth-server/token
  • user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/539.39 (KHTML, like Gecko) Chrome/92.0.4519.137 Safari/539.39
  • watermark: 99999

Targets

    • Target: 1.txt
    • Size: 260KB
    • MD5: f9a471926b2dcbaadb1786ff779928b7
    • SHA1: 6d9ac46890c9f89dc3a8163df28f495654c847bd
    • SHA256: c6aeacf7b22a271df13afd336a073af80f601c3ae937a6fb8178700201c9a281
    • SHA512: 3ef700ecd458cc929196597747cad0cfeb7f9f97a92e7dba54a6a93f546d3301a627f53f7a2d5961bff9da5dc93050712ed388bc3b733ba8ebec394f2e5fc04e
    • SSDEEP: 6144:oJqVG5d1IpCyibgkTZI6jHID90amBXoH/:o3d6Levox2BXO

    Score: 3/10

MITRE ATT&CK Matrix

Tasks