Overview

overview

10

Static

static

10

cobaltstrike.dll

windows7-x64

1

cobaltstrike.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    cobaltstrike.payload-disk

  • Size

    255KB

  • MD5

    94484646ebceffa0cd6d9758d022bf57

  • SHA1

    5d478bcca97363a34ff5b790da48fd255deb1bf8

  • SHA256

    265b21d24afdce79aab23679b6439378171e215b2963007a3098b10641bd0e47

  • SHA512

    420bd89dfae9098fa7cc9ac6f9e6661d60ce9648e6c79a05d651055e1dce6d01433ff0afeecbd7bbaf24ed6866a33287e39d7e28ed08976ac494a890f456f1e0

  • SSDEEP

    3072:q+hFqLfFLFgtTcueQpQkGAvi2JBhA6ZhLT90FUYtdcKEkFjdK8QYJgvCwX:q+h2udpRBv5bRLTO+66KEs7Q9X

Score
10/10
0cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://82.117.252.209:80/RELEASE_NOTES

Attributes
  • access_type

    512

  • host

    82.117.252.209,/RELEASE_NOTES

  • http_header1

    AAAAEAAAABBIb3N0OiBqb21paGQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAABwAAAAAAAAAIAAAAAwAAAAIAAAArd29yZHByZXNzXzUyMjM4NTU4ZTkzMGYxZWM2OTllNGYxMmFiMDE1YTRmPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABBIb3N0OiBqb21paGQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAA8AAAADAAAAAgAAAAd3ZWlnaHQ9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9984

  • polling_time

    61258

  • port_number

    80

  • sc_process32

    %windir%\syswow64\regsvr32.exe

  • sc_process64

    %windir%\sysnative\regsvr32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnOM3nXx+7HBhkbDd+AwFrFisSunK999w2tM0uTpuuEiBalcJhcL+QgQWtf6S7zPp5hjImG+2YcPl18geU4f5JlSPXHwilbK4DFb/ePWyKFjhrA7emVRqhM21QMlo1ANsn14rY/RO2pzuft8P7TXoIjjI/B2GGVuzYNZX6X4I2EwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    5.44480256e+08

  • unknown2

    AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /mobile-ipad-home

  • user_agent

    Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202

  • watermark

    0

Signatures

Files

  • cobaltstrike.payload-disk
    .dll windows x64

    a0a0796b63ad1685b1135de540aa1384


    Headers

    Imports

    Exports

    Sections