General

  • Target: t.exe
  • Size: 281KB
  • Sample: 230621-nw2hjsha36
  • MD5: 4c05d37db42075a3ed99412a75c7b14d
  • SHA1: 208db4d6ab1ec1220e372264d7da199cec52b5f1
  • SHA256: 1b389560fdd34e176e08ef6960ce0bbd57983fc4cf87f7b6574e67bb16a88058
  • SHA512: 222dff8706873d97cb1984bd8eb0829c87cf87c8ceb1e11a0e6902f7edef00c6a02f84f852c68466c2b34611af9e89f9c3e1bc661458d251ded84bc74bdd0109
  • SSDEEP: 6144:JVLADC3D+munv6tEWEl1+vGwUimOYgbMYbIMUWFEnNOOGI:MDC39unv63ukwOY2MYblUaN

Malware Config

Extracted

Family: cobaltstrike
Botnet: 305419896
C2: http://195.133.11.16:80/push

Attributes
  • access_type: 512
  • host: 195.133.11.16,/push
  • http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • http_method1: GET
  • http_method2: POST
  • maxdns: 255
  • polling_time: 60000
  • port_number: 80
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCRtsLPnQ51IYB57if5vZ7Md86YgSJ66rLm+CyDoWfePF0vA1VMk35Dikh8DFWinaoZzWEgia6ZTDaN/U7or9tvzpHK64CzDVPGB+1gO4dElN+xdz6hcKrf7DxpGzrJ1Ga56TCplac1UX/x7wbipl+jwtdrB4B8NVWBa2sZroRWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • unknown1: 4096
  • unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • uri: /submit.php
  • user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)
  • watermark: 305419896

Extracted

Family: cobaltstrike
Botnet: 0

Attributes
  • watermark: 0
