cobaltstrike | 1644-54-0x0000000027770000-0x00000000277B4000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1644-54-0x0000000027770000-0x00000000277B4000-memory.dmp
Size

272KB
MD5

acfe79c1665bd0085df4cf60a60f4b43
SHA1

b8e6f1a99561b143b264770ff1776b1df1b81442
SHA256

049ba2d0b1220a15f62b49fbe846be090ac06ddaaadee142d67af58a433ac7d2
SHA512

361e6f0e6231bdc36ca68d7ea32d1f89583fb51e91577d570520cb346e9f618d88415e26d8cd56d7d641d131cce2435a8ed34cafc8acb7f4a805d8280cc36cc8
SSDEEP

6144:CyU+8VVVOjeoo64Kk4OjrpwibuNe1wOTLmw2AwIk5UorKM:CRp/OjHv4Kk1jNwauNe1wOTv2ACUk

Score

10^/10

391144938 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

http://591.cdn-vod.huaweicloud.com:443/dist/css/bootstrap.min.css

Attributes

access_type
512
beacon_type
2048
host
591.cdn-vod.huaweicloud.com,/dist/css/bootstrap.min.css
http_header1
AAAACgAAADhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sOwAAABAAAAAWSG9zdDogZ2V0Ym9vdHN0cmFwLmNvbQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IHpoLUNOLHpoO3E9MC45AAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAADhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sOwAAABAAAAAWSG9zdDogZ2V0Ym9vdHN0cmFwLmNvbQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IHpoLUNOLHpoO3E9MC45AAAABwAAAAAAAAANAAAABQAAAAVzZXJ2ZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
POST
http_method2
POST
jitter
9472
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\svchost.exe -k netsvcs
sc_process64
%windir%\sysnative\svchost.exe -k netsvcs
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwAjNgSXInaiSut3Ki7oaJobh0S5MZwKOr4p9OirbzP9CCdI7lIJqv3YL0r4c6A6FY2BcdbqSvmGUMZRGNs8RBO1qqViV/1ckq/LWNMCy4Yd1TgUptSfOVmr+zC4P1vgefv7yJzKwOlc2iz1isx/q/45oqU901c+gnxpytw6uxZQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.462927616e+09
unknown2
AAAABAAAAAEAAAAtAAAAAQAABsMAAAACAAAAFAAAAAIAAAA1AAAAAgAAACwAAAACAAAAJAAAAAIAAABLAAAAAgAAC6IAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/dist/js/bootstrap.bundle.min.js
user_agent
Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
watermark
391144938

Signatures

Cobaltstrike family
cobaltstrike

Files

1644-54-0x0000000027770000-0x00000000277B4000-memory.dmp