Overview

overview

10

Static

static

10

d6274c8067...06.dll

windows7-x64

1

d6274c8067...06.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406

  • Size

    257KB

  • Sample

    230811-jtfqvabg36

  • MD5

    f4ca1fefe222bcb48b12f8cb0a2288e5

  • SHA1

    d1cbfb683f53b92b6c6268b94a52c6efb1547e5d

  • SHA256

    d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406

  • SHA512

    bc83a5740357758937b44a03f0fd5267c979b69ff0a42544f5600bccf2404552aacc98f0c8e92bd3f1a1ddbb46a9a01ee8ac1ae5c278c6e9867d942c1b2cfde6

  • SSDEEP

    6144:RsYwjwIGIprrJweGTIDjhOTRryQ8js5Q:RE/nweh5Q8

Score
10/10
cobaltstrike999999

Malware Config

Extracted

Family

cobaltstrike

Botnet

999999

C2

http://99avip.online:443/c/msdownload/update/others/2016/12/29136388_

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    99avip.online,/c/msdownload/update/others/2016/12/29136388_

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAA0AAAABAAAABC5jYWIAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAgAAAB1kb3dubG9hZC53aW5kb3dzdXBkYXRlLmNvbS9jLwAAAAYAAAAESG9zdAAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    GET

  • jitter

    5120

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfi5qZR4wnmlYmM2PTPrePXNb0rCe0kT7JM82iUiI4RiJxkr3LbyBFpcetYHdXqKH+TDNYbwlmR+ufGrfAWdgonmBT5A2gOE9ToD3Pp2RvUbX8P3PkTFVrMmSGW0+PRNHo0uAMeqMMJ+vdL45HizziWYZuCt4Riax//5iqDUmyGQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    1.610612736e+09

  • uri

    /c/msdownload/update/others/2016/12/3215234_

  • user_agent

    Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40

  • watermark

    999999

Targets

    • Target

      d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406

    • Size

      257KB

    • MD5

      f4ca1fefe222bcb48b12f8cb0a2288e5

    • SHA1

      d1cbfb683f53b92b6c6268b94a52c6efb1547e5d

    • SHA256

      d6274c8067c384480589315a6d80810d25a6be16cd638194a7609091d9743406

    • SHA512

      bc83a5740357758937b44a03f0fd5267c979b69ff0a42544f5600bccf2404552aacc98f0c8e92bd3f1a1ddbb46a9a01ee8ac1ae5c278c6e9867d942c1b2cfde6

    • SSDEEP

      6144:RsYwjwIGIprrJweGTIDjhOTRryQ8js5Q:RE/nweh5Q8

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks