Overview

overview

10

Static

static

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1540-56-0x0000000000320000-0x000000000037A000-memory.dmp

  • Size

    360KB

  • MD5

    473fbcafbaaf96941e8ede015c9c6f30

  • SHA1

    c335cf0f6c0d5bfd81782f6ec87e3a46070d4889

  • SHA256

    1277785d6a8c3824276179282df8dafa86943161d7af217c7d810ede3a511f08

  • SHA512

    5f2ce1835c69c8db5d607d9c79e66a8934416d38596f7c92d87ed6329a7999237107581c0a55e4f3c30f41930a4fe6c20b11d62e1aba5e756087b440f46d3273

  • SSDEEP

    3072:x2iUczbINhWl+CIbrqqEVxEfDCJS4l9JTFyG+JteEzCnLNFMtgYJQ6vzHkNTrKer:xFzbUlfDCvT4ZTXzCLGgOurKM

Score
10/10
12345cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://212.118.55.225:4444/scrub

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    212.118.55.225,/scrub

  • http_header1

    AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS90aWZmAAAACgAAACZBY2NlcHQtRW5jb2Rpbmc6IGd6aXAgZGVmbGF0ZSBjb21wcmVzcwAAAAcAAAAAAAAADQAAAAMAAAACAAAACXF1X2NzcmY6PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABBIb3N0OiBmbGxybmQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAPAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    18688

  • polling_time

    53

  • port_number

    4444

  • sc_process32

    %windir%\syswow64\mstsc.exe

  • sc_process64

    %windir%\sysnative\mstsc.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjut9JrLKK+w9sliNjqcmC7WATDBpfR3tamS16uhtcgg7pPmFue7CKzVuD7DJmZpg2fLdeVpMaKL8zGfNvM4pG8nW1PkpRQn0kuyRfmIyxZe1jT8qsL7nOAbXGa+yD56YqTbWtn9C+fsAQ/go2Rl5zMn802fBnOYWkTm+HYIJa8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.025605888e+09

  • unknown2

    AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /e-tailers

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

  • watermark

    12345

Signatures

Files

  • 1540-56-0x0000000000320000-0x000000000037A000-memory.dmp