General

  • Target

    9b570603035afe928824e50b04cd7f2ef91240dbd7a03bf056e202b9e7193896

  • Size

    22.7MB

  • Sample

    230324-w9qbfage88

  • MD5

    1f0b80e67abd8668aad53e392698bac9

  • SHA1

    070c8532f90178dcbf0e2a60bf919fc7acff08ea

  • SHA256

    9b570603035afe928824e50b04cd7f2ef91240dbd7a03bf056e202b9e7193896

  • SHA512

    528bccb89a3cb46ee21f29b1beeeae24b1f5117ac237ea4258cefee582ac37c78d25809c6d0d89834dd8d5e38835293b6e4ee79836e78c6938fd38b0441b97cc

  • SSDEEP

    196608:30sKQ/WwVjXM4y33/hXJVBtnRVRW4kngMHGE:NKQRjJ+rVBtRHE

Malware Config

Extracted

Family

cobaltstrike

Botnet

838968285

C2

http://d2oca100euqhv5.cloudfront.net:443/client-portal/insight

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    d2oca100euqhv5.cloudfront.net,/client-portal/insight

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAMAAAACAAAAC0pTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogQ2xvc2UAAAAHAAAAAAAAAAgAAAANAAAABQAAAAJpZAAAAAcAAAABAAAADwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    8448

  • polling_time

    30000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32x.exe

  • sc_process64

    %windir%\sysnative\rundll32x.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCtI7P7EjdUTdb6ydcLvYfljr7MaP9stUdClJpVGaGdTFUh+8PKhNqh1bhQDaBQn3e+kWHKt+34pzVvPAdWaiBhVyPtIfIZrti0oraKW1PWo3E7pVECrpOIzlz9CR/JkvdYTHpGNp42C6b0wj0dh43WZtn6aRGGUgXC38oqsUImwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    6.711296e+07

  • unknown2

    AAAABAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /client-portal/ping

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

  • watermark

    838968285

  • year

    256

Targets

    • Target

      ApiClient.dll

    • Size

      236KB

    • MD5

      857b1f7cfd086a2fd24b978712eb8380

    • SHA1

      bb73a0c41e9064e424c2b5b8cd84c368d1cc9179

    • SHA256

      55ce30aa67d0aa7068d01036c4d267eea9ef36315c674fca4458aa0b3d2bd67e

    • SHA512

      5e43dea1414e72e35886b1a9b190072cbb2879987d5c37eb7ca3b4bf5a54229d78c933b3d478e6ebf065c34096a8adbed95b16e91755e069e2cfe3c9c5dedc6d

    • SSDEEP

      6144:oWpFcAT3+H+vWvSn6wmSFAIQBBohcc56XW:riAT3+HnS642BBoqfXW

    • Score

      3/10

    • Target

      msvcp140.dll

    • Size

      552KB

    • MD5

      cb75d6437418afe1a7b52acf75730ff1

    • SHA1

      54c2da9552671b161cc87eb50fbdb86319b00f56

    • SHA256

      7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

    • SHA512

      f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

    • SSDEEP

      12288:P/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z9y5QEKZm+jWody:XN59IW6z9OQEKZm+jWodEEYZ

    • Score

      3/10

    • Target

      setup.exe

    • Size

      21.5MB

    • MD5

      9d311899c431152ceaa676c81c656d9f

    • SHA1

      6b64bf51869662caeca104254113678bb0ccf96f

    • SHA256

      7285efae50a67581e0748960f1800fd97a58945d95344a39985f22fd3d6bfb0b

    • SHA512

      91e4b86285b06c71afaa58acb6f2cea2d9222d30ee3c2993987b74b4205eb45147659930f54ac990438aca93a69576838b8c24d57b78bb89b9e555856d8adf13

    • SSDEEP

      196608:MKQ/WwVjXM4y33/hXJVBtnRVRW4kngMHGG:MKQRjJ+rVBtRHG

    • Target

      vcruntime140.dll

    • Size

      371KB

    • MD5

      ac5f699d4ea4a05d5c8027f31fd1b511

    • SHA1

      ad3f17abcbe3a5bb824e8f700adfa49d1822b1ce

    • SHA256

      55ddd290b0b373e875c0482548a8ddc0e0cb2fad34024146cffddb89657914c1

    • SHA512

      624cb512066b2a00701a14db9595d2d61b9438eb1f7c138e08e97178320cb73402ce7001b855e949d33b61c14484e06c2ef3b453f5655d5beaf623cbdfa94f4a

    • SSDEEP

      6144:cTZ+TCHgeecbKF0FpbmGWF5PBpj3FEOr6BeJetJXYwSA3M9Z/xN9di46bgjYBgTT:cTZ+ZDG4NezDt5XtcvxN9div0Y2f

    • Score

      3/10

    • Target

      vcruntime140_1.dll

    • Size

      36KB

    • MD5

      7667b0883de4667ec87c3b75bed84d84

    • SHA1

      e6f6df83e813ed8252614a46a5892c4856df1f58

    • SHA256

      04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d

    • SHA512

      968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

    • SSDEEP

      384:5InvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbmuncS74GdWrUKWj14gHg:dCm5yhUcwrHY/ntTxT6ovR7VxIV1z

    • Score

      3/10

MITRE ATT&CK Matrix

Tasks