Overview

overview

10

Static

static

10

a1a90cf9ef...ed.dll

windows7-x64

3

a1a90cf9ef...ed.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed

  • Size

    208KB

  • Sample

    230924-cw29asdf66

  • MD5

    9f79ee0aa51cb50eb2d84d745fe50fef

  • SHA1

    d35ddef80b9d43609cd560475e05eb233fbd4c4f

  • SHA256

    a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed

  • SHA512

    0a9d66d766050f5fcfa46d63f8775c04572fb5802e8255a25ee205dbaade26e7d9a483c4f4b262a5f56a760592159eca80fcc8a2d2c86e4ccac90b387ecac50f

  • SSDEEP

    3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU8Y5Y:LIDff9D8C6XYRw6MT2DEj

Score
10/10
cobaltstrike100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://172.19.31.15:80/match

Attributes
  • access_type

    512

  • host

    172.19.31.15,/match

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCinJU55hyTE9676kPyA+fLPvEjAb3QRdkyptacTS2NIioQqZSTKxQrN6TaBvg7BDUdnfbT3iEzi08STsO9KX2NqL1LWvJ3tzdIdQlmxb86hK3xP/v9xzYpa9mQK8SNUTgVZnz8NNAKilV25RAbRZ4e4SzBMCy7Jpy9uSOOlb9qyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)

  • watermark

    100000

Targets

    • Target

      a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed

    • Size

      208KB

    • MD5

      9f79ee0aa51cb50eb2d84d745fe50fef

    • SHA1

      d35ddef80b9d43609cd560475e05eb233fbd4c4f

    • SHA256

      a1a90cf9ef290e6a6e230535bab529ac59745e256b3b737c885a727be1d0d5ed

    • SHA512

      0a9d66d766050f5fcfa46d63f8775c04572fb5802e8255a25ee205dbaade26e7d9a483c4f4b262a5f56a760592159eca80fcc8a2d2c86e4ccac90b387ecac50f

    • SSDEEP

      3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU8Y5Y:LIDff9D8C6XYRw6MT2DEj

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks