Overview

overview

10

Static

static

10

2023-08-23...JC.dll

windows7-x64

3

2023-08-23...JC.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.exe

  • Size

    208KB

  • Sample

    230903-yejlhscb59

  • MD5

    42c87bdc90fca56cad64ec67d26bb16d

  • SHA1

    21ad9920e0eda3423ddf112ceb6b042f2371129d

  • SHA256

    1d5dd67978dacdc347b4e9adabd590eafd6b32497e411fb6acfa801f768e2f31

  • SHA512

    a71755d3588fb35d6d2087c557bfbd3fce4c4bb9d10cc4e1a3a38ce22844d9bcef0e9a383ce1ff63cb51d96e8306ae8bbb7542c6dfc9701685264d1b14bd5813

  • SSDEEP

    3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUC9p5+w6E:AHEbJAZwBqplpAX/LmjbabE

Score
10/10
cobaltstrike1873433027

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://81.70.253.205:1314/cx

Attributes
  • access_type

    512

  • host

    81.70.253.205,/cx

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    1314

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiT7fc1kff5oFoqT+IAWlW8Q20IMT8daqONSbyUAxC0i+mGDJ5rAZkcjtEAZLt87j49FNO5wONqSclfQaPCUe3rBarXX+OuLFDcFk8EwJUAGysCkztp1q6wbMfZlQj2XGHQucyIHRQNHiOToTmOtjDWVV5LNXnKmbk+OUF5QuVJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)

  • watermark

    1873433027

Targets

    • Target

      2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.exe

    • Size

      208KB

    • MD5

      42c87bdc90fca56cad64ec67d26bb16d

    • SHA1

      21ad9920e0eda3423ddf112ceb6b042f2371129d

    • SHA256

      1d5dd67978dacdc347b4e9adabd590eafd6b32497e411fb6acfa801f768e2f31

    • SHA512

      a71755d3588fb35d6d2087c557bfbd3fce4c4bb9d10cc4e1a3a38ce22844d9bcef0e9a383ce1ff63cb51d96e8306ae8bbb7542c6dfc9701685264d1b14bd5813

    • SSDEEP

      3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUC9p5+w6E:AHEbJAZwBqplpAX/LmjbabE

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks