General
-
Target
2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
Sample
230903-yejlhscb59
-
MD5
42c87bdc90fca56cad64ec67d26bb16d
-
SHA1
21ad9920e0eda3423ddf112ceb6b042f2371129d
-
SHA256
1d5dd67978dacdc347b4e9adabd590eafd6b32497e411fb6acfa801f768e2f31
-
SHA512
a71755d3588fb35d6d2087c557bfbd3fce4c4bb9d10cc4e1a3a38ce22844d9bcef0e9a383ce1ff63cb51d96e8306ae8bbb7542c6dfc9701685264d1b14bd5813
-
SSDEEP
3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUC9p5+w6E:AHEbJAZwBqplpAX/LmjbabE
Behavioral task
behavioral1
Sample
2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.dll
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
1873433027
http://81.70.253.205:1314/cx
-
access_type
512
-
host
81.70.253.205,/cx
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
1314
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiT7fc1kff5oFoqT+IAWlW8Q20IMT8daqONSbyUAxC0i+mGDJ5rAZkcjtEAZLt87j49FNO5wONqSclfQaPCUe3rBarXX+OuLFDcFk8EwJUAGysCkztp1q6wbMfZlQj2XGHQucyIHRQNHiOToTmOtjDWVV5LNXnKmbk+OUF5QuVJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)
-
watermark
1873433027
Targets
-
-
Target
2023-08-23_42c87bdc90fca56cad64ec67d26bb16d_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
MD5
42c87bdc90fca56cad64ec67d26bb16d
-
SHA1
21ad9920e0eda3423ddf112ceb6b042f2371129d
-
SHA256
1d5dd67978dacdc347b4e9adabd590eafd6b32497e411fb6acfa801f768e2f31
-
SHA512
a71755d3588fb35d6d2087c557bfbd3fce4c4bb9d10cc4e1a3a38ce22844d9bcef0e9a383ce1ff63cb51d96e8306ae8bbb7542c6dfc9701685264d1b14bd5813
-
SSDEEP
3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUC9p5+w6E:AHEbJAZwBqplpAX/LmjbabE
Score 3/10