General
-
Target
23d750094ca8eb922441d4eec622dd4c_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
Sample
230818-p469fahe92
-
MD5
23d750094ca8eb922441d4eec622dd4c
-
SHA1
947ce4bf0ad87699dbb75f04e6a47eb02e95f7ad
-
SHA256
58692aacd1347a23b088851ab7e15a8b830b25b69916bb0426783f81b24a5b6b
-
SHA512
8bc8a5c23f9cc0677d957f65c9f6b186144c76db7621b1469032d3c420ec1153b9d0066e7afb95bbbb7bb3e7b846c511633692e4a3a1e73c83f12881311d32ae
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUNwY5T:cIDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
23d750094ca8eb922441d4eec622dd4c_cobalt-strike_cobaltstrike_JC.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
23d750094ca8eb922441d4eec622dd4c_cobalt-strike_cobaltstrike_JC.dll
Resource
win10v2004-20230703-en
Malware Config
Extracted
cobaltstrike
666666
http://cdn.ethvseos.nl:2096/image/
-
access_type
512
-
beacon_type
2048
-
host
cdn.ethvseos.nl,/image/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
2096
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4lXakOY4wWwOQ8WFiW0duRNuFhDXX3eD+RRxWG6fnq9tuJzSZ7EUg2nM3oRm/v1EPg6V/U93zMvhm2jYKHVNuC+iBe2c3TIBjVXbPnjVhWQgVqpbzIZ0eD7E7TADyzDXuUuOkMpi5mLleB0t4P4JM5Tq9kB3iKjPXFuz9CWu9EwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/email/
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)
-
watermark
666666
Targets
-
-
Target
23d750094ca8eb922441d4eec622dd4c_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
MD5
23d750094ca8eb922441d4eec622dd4c
-
SHA1
947ce4bf0ad87699dbb75f04e6a47eb02e95f7ad
-
SHA256
58692aacd1347a23b088851ab7e15a8b830b25b69916bb0426783f81b24a5b6b
-
SHA512
8bc8a5c23f9cc0677d957f65c9f6b186144c76db7621b1469032d3c420ec1153b9d0066e7afb95bbbb7bb3e7b846c511633692e4a3a1e73c83f12881311d32ae
-
SSDEEP
3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUNwY5T:cIDff9D8C6XYRw6MT2DEj
Score 3/10