General

  • Target

    228664fbbb70b7815f811b60064e89af6460d62141d679647d995b6e1652c94d

  • Size

    259KB

  • Sample

    230911-kpz5cseh96

  • MD5

    062675b5a045013f93a3fdc84988733b

  • SHA1

    79fb7b78e0cc3427e462b96d75c126b5eb99f8fe

  • SHA256

    228664fbbb70b7815f811b60064e89af6460d62141d679647d995b6e1652c94d

  • SHA512

    a642ced11c1c340efff72c787f1b44b35ce765c68e123ab30742f99308d8c9dddd4edbec234a956b9f23d925305c4ec69fc36b8302f9cc19ea039ba16a732df8

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90aYBXRH/:u3d6tevoxIBXd

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://124.221.0.93:7080/g.pixel

Attributes
  • access_type

    512

  • host

    124.221.0.93,/g.pixel

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    7080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

  • unknown1

    4096

  • unknown2

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

  • watermark

    100000

Targets

    • Target

      228664fbbb70b7815f811b60064e89af6460d62141d679647d995b6e1652c94d

    Score
    3/10

MITRE ATT&CK Matrix

Tasks