General
-
Target
2023-08-23_d9eb86ba44d479a4e50683557622c4ce_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
208KB
-
Sample
230908-n3yegabc7x
-
MD5
d9eb86ba44d479a4e50683557622c4ce
-
SHA1
2036480ff03c5e2a3e3536a631e9f2febdaf1c0c
-
SHA256
92f5319c660beb4768af62d8d726cca7e785c0900d5336ba4c7ba01f5c9d2931
-
SHA512
907b0fbb4d5d8f5a1f899a98ea03899f4250723e4f66efb7cdcd33a4a2a6d72b65dd99b5323c0142b27d5a409b4147cb75af921ba86733fbe7dd094d5b833e9e
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUBY5q+:LIDff9D8C6XYRw6MT2DEj
Malware Config
Extracted
cobaltstrike
100000
http://173.82.179.219:50000/dot.gif
-
access_type
512
-
host
173.82.179.219,/dot.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
50000
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaOw4J73F7jH+WiA+rtsFLDVFPbAdr/BS2fE1JvSoDcQpcPS94J4MMlisIqjRAszzIQrdJu10D0yZ43h9EbBUiboIzEsQEm39m6p+aQAIAALYk3b4/pyy4dThi7eSeUmgXhZ3DfsM6HfsEIZNTKJEDCFYp/PhwLNan58Qg2FGnVQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)
-
watermark
100000
Targets
-
-
Target
2023-08-23_d9eb86ba44d479a4e50683557622c4ce_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
208KB
-
MD5
d9eb86ba44d479a4e50683557622c4ce
-
SHA1
2036480ff03c5e2a3e3536a631e9f2febdaf1c0c
-
SHA256
92f5319c660beb4768af62d8d726cca7e785c0900d5336ba4c7ba01f5c9d2931
-
SHA512
907b0fbb4d5d8f5a1f899a98ea03899f4250723e4f66efb7cdcd33a4a2a6d72b65dd99b5323c0142b27d5a409b4147cb75af921ba86733fbe7dd094d5b833e9e
-
SSDEEP
3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUBY5q+:LIDff9D8C6XYRw6MT2DEj
Score3/10 -