cobaltstrike | 2100-62-0x0000000028350000-0x00000000287C2000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

2100-62-0x0000000028350000-0x00000000287C2000-memory.dmp
Size

4.4MB
MD5

9fc1df7ff4aa33e150c24309f384816c
SHA1

30247f3f81bb4584436dff33feef76026f528169
SHA256

90a043ab52a8b90cd2bd3ead92ad564b49241bbb648c2909dc7c1f99f8b5df0d
SHA512

dfafa0a36c1f7155d49b17e74674b3c4da2e3200fc32bbdda3f9f8ddb84ae5b88d2399cc05c1956ca11cd590e913fcdebcd3f7aa228d2ae6fc2fc242bfc652ec
SSDEEP

6144:/JqKG5dmgyibgkTZI6jHID90au2BXbH/:/6dgevoxBXb

Score

10^/10

100000000 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

http://021.qaxno1.ml:2083/poll

Attributes

access_type
512
beacon_type
2048
host
021.qaxno1.ml,/poll
http_header1
AAAACgAAABpYLUN1c3RvbS1QU0s6IFtTT01FX1ZBTFVFXQAAAAcAAAAAAAAADQAAAAgAAAANAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACQAAAB5hY3Rpb249R2V0RXh0ZW5zaWJpbGl0eUNvbnRleHQAAAAKAAAALUNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtOAAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAaWC1DdXN0b20tUFNLOiBbU09NRV9WQUxVRV0AAAAHAAAAAAAAAAUAAAAFdG9rZW4AAAAHAAAAAQAAAA8AAAADAAAAAgAAABl7InZlcnNpb24iOiIyIiwicmVwb3J0IjoiAAAAAQAAAAIifQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
1000
port_number
2083
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzEJfhNRDTUWc4OFw6QgWMCgtZpCzf+4+RQGYwL9gNHEC7Oh+6fCB3hnfVWpvxm96OVnB0eWJt6P1aNkZxVZ+u6PuqrBRm+Ad5gbjYgujotq7rM44FsmQaZAp8fORER8oRJjuMN1AxEzkj0VjMXZ8LwkT+0lyLqjjmBsdJBcCWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.102727936e+09
unknown2
AAAABAAAAAEAAAACAAAAAgAAACMAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/upload
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
watermark
100000000

Signatures

Cobaltstrike family
cobaltstrike

Files

2100-62-0x0000000028350000-0x00000000287C2000-memory.dmp