General

  • Target

    2023-03-24-Cobalt-Strike-shellcode.bin

  • Size

    270KB

  • Sample

    230328-n8t91aah57

  • MD5

    79777ef905bf558f85c1832fed94f6f2

  • SHA1

    4b13181a33cb886317841cf9cd847efc64c0ca1a

  • SHA256

    d97a8a887dd83de899957fc9e2a98b8ba1d4129899f95bf3a95b034e9dee2c26

  • SHA512

    763b635e8af1f3500fd86c7187a66a3abfca8b9941fa00fddcf42ea832e92f8e38af106ca74abec1a178db3c65bb40c2044be016e7d723af40af53fe3be557bc

  • SSDEEP

    6144:VyU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2AoIk5UtrKM:VRp/OjHv4Kk1jNwauNe1wOTv2A6UJ

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

674054486

C2

http://voiceinfosys.net:80/es

Attributes
  • access_type

    512

  • host

    voiceinfosys.net,/es

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    11008

  • polling_time

    58716

  • port_number

    80

  • sc_process32

    %windir%\syswow64\runonce.exe

  • sc_process64

    %windir%\sysnative\runonce.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaznbxNcZ0dXD4A3zagH1WOETphSlB8n6ESc9JXFKJjJnRMNtkv3xmhMwY6UC1e51klf5h1MjpT3aRKsd+6wWYNcS+RpVjqVf50rpkGmDnEAXl7WiRM7dtdSNqIGPfEoM8fQRYu5BGqQS65JvmOxEZ078DO4X/qez/F+XGq/kkwwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.272630272e+09

  • unknown2

    AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /af

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

  • watermark

    674054486

Targets

    • Target

      2023-03-24-Cobalt-Strike-shellcode.bin

    • Size

      270KB

    • MD5

      79777ef905bf558f85c1832fed94f6f2

    • SHA1

      4b13181a33cb886317841cf9cd847efc64c0ca1a

    • SHA256

      d97a8a887dd83de899957fc9e2a98b8ba1d4129899f95bf3a95b034e9dee2c26

    • SHA512

      763b635e8af1f3500fd86c7187a66a3abfca8b9941fa00fddcf42ea832e92f8e38af106ca74abec1a178db3c65bb40c2044be016e7d723af40af53fe3be557bc

    • SSDEEP

      6144:VyU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2AoIk5UtrKM:VRp/OjHv4Kk1jNwauNe1wOTv2A6UJ

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks