Overview

overview

10

Static

static

10

1220ef0de1...b3.dll

windows7-x64

1

1220ef0de1...b3.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3

  • Size

    259KB

  • Sample

    230926-pprkfaae62

  • MD5

    47f7c8cfd89ce6ff589d78c53af2fd11

  • SHA1

    306ffefac0b051ad60e483966ecc6574708d02f6

  • SHA256

    1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3

  • SHA512

    50787ab13d7d9a88941b5475b98ed1b2ae49b597392f4885dd3e92b7d005d0ef294e118bb426dc1749c3932e237858c22f7630972d85c7e95ac670e0c5ebb195

  • SSDEEP

    6144:uJqXG5d1Ip8yibgkTZI6jHID90aUBX5H/:u9d6devoxkBXV

Score
10/10
cobaltstrike100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://175.178.242.75:50001/cm

Attributes
  • access_type

    512

  • host

    175.178.242.75,/cm

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    50001

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLQ5AMcNSVooiCrsRM95zzE9ob77EWd2GQsFi6SkDOuIDRwlDswPoroaI1LpZy5mC4sox5POOBTA+NUWHfRPbHZr7r54+fNAOJfKZnlIVvUec5ZQ25sxBeOT3x3AVkBZRdArMuZV7IZsESIp1Ew83OahtS6shY7uXcmRxz7PUFqwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)

  • watermark

    100000

Targets

    • Target

      1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3

    • Size

      259KB

    • MD5

      47f7c8cfd89ce6ff589d78c53af2fd11

    • SHA1

      306ffefac0b051ad60e483966ecc6574708d02f6

    • SHA256

      1220ef0de12bb2068466d464cc69bf5f5e1110d727047db13f587502d34867b3

    • SHA512

      50787ab13d7d9a88941b5475b98ed1b2ae49b597392f4885dd3e92b7d005d0ef294e118bb426dc1749c3932e237858c22f7630972d85c7e95ac670e0c5ebb195

    • SSDEEP

      6144:uJqXG5d1Ip8yibgkTZI6jHID90aUBX5H/:u9d6devoxkBXV

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks