Overview

overview

10

Static

static

10

0d16117dc3...JC.dll

windows7-x64

3

0d16117dc3...JC.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d16117dc34736exe_JC.exe

  • Size

    204KB

  • Sample

    230713-x7j73sae85

  • MD5

    0d16117dc3473639a44f41f0d102e7dd

  • SHA1

    572a3a160517041c8129f94d4dcfc13b8a370286

  • SHA256

    1b3a761811d7964837c17ee3e764de45185ec1d0d8dc92049ee086174de6181f

  • SHA512

    d3b4ab1557a6824ceb037f5032518ecd5cfa6c51a9b2e8144da45d2a48f95230b9e87dc3d93cef2a3287f29c7648adb48c01c8b16460921d5e8d37e970664ebf

  • SSDEEP

    3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUF5A:FRYkcrY4MCIt07iPlvU0j

Score
10/10
cobaltstrike305419896

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://195.133.11.16:80/j.ad

Attributes
  • access_type

    512

  • host

    195.133.11.16,/j.ad

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCRtsLPnQ51IYB57if5vZ7Md86YgSJ66rLm+CyDoWfePF0vA1VMk35Dikh8DFWinaoZzWEgia6ZTDaN/U7or9tvzpHK64CzDVPGB+1gO4dElN+xdz6hcKrf7DxpGzrJ1Ga56TCplac1UX/x7wbipl+jwtdrB4B8NVWBa2sZroRWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

  • watermark

    305419896

Targets

    • Target

      0d16117dc34736exe_JC.exe

    • Size

      204KB

    • MD5

      0d16117dc3473639a44f41f0d102e7dd

    • SHA1

      572a3a160517041c8129f94d4dcfc13b8a370286

    • SHA256

      1b3a761811d7964837c17ee3e764de45185ec1d0d8dc92049ee086174de6181f

    • SHA512

      d3b4ab1557a6824ceb037f5032518ecd5cfa6c51a9b2e8144da45d2a48f95230b9e87dc3d93cef2a3287f29c7648adb48c01c8b16460921d5e8d37e970664ebf

    • SSDEEP

      3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUF5A:FRYkcrY4MCIt07iPlvU0j

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks