General
-
Target
2023-08-26_8ce38429baddbb4f7fae2b08c290ff7a_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
Sample
230927-wr5neaee47
-
MD5
8ce38429baddbb4f7fae2b08c290ff7a
-
SHA1
d7b9b7e12d777f7db8e24f1d3e7005c17a9cce3f
-
SHA256
ebaa065d271337817943a89790442b108e0bdcf93b36627be1758b44b070feb9
-
SHA512
9cdb91e032b9f9c48138d260d41d7c2953f95d258cbc4c2726740771aa0eafd83e0f7ce0004e6d1e898897928ce063694d01fd7c9d85e89bbcb321fa9f4f9d94
-
SSDEEP
3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZURTswk5Qw6E:AHEbJAZwBqplpAX/Lmj4swbbE
Behavioral task
behavioral1
Sample
2023-08-26_8ce38429baddbb4f7fae2b08c290ff7a_cobalt-strike_cobaltstrike_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-26_8ce38429baddbb4f7fae2b08c290ff7a_cobalt-strike_cobaltstrike_JC.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
1873433027
http://81.70.253.205:54321/ca
-
access_type
512
-
beacon_type
2048
-
host
81.70.253.205,/ca
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
54321
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiT7fc1kff5oFoqT+IAWlW8Q20IMT8daqONSbyUAxC0i+mGDJ5rAZkcjtEAZLt87j49FNO5wONqSclfQaPCUe3rBarXX+OuLFDcFk8EwJUAGysCkztp1q6wbMfZlQj2XGHQucyIHRQNHiOToTmOtjDWVV5LNXnKmbk+OUF5QuVJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
-
watermark
1873433027
Targets
-
-
Target
2023-08-26_8ce38429baddbb4f7fae2b08c290ff7a_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
MD5
8ce38429baddbb4f7fae2b08c290ff7a
-
SHA1
d7b9b7e12d777f7db8e24f1d3e7005c17a9cce3f
-
SHA256
ebaa065d271337817943a89790442b108e0bdcf93b36627be1758b44b070feb9
-
SHA512
9cdb91e032b9f9c48138d260d41d7c2953f95d258cbc4c2726740771aa0eafd83e0f7ce0004e6d1e898897928ce063694d01fd7c9d85e89bbcb321fa9f4f9d94
-
SSDEEP
3072:z+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZURTswk5Qw6E:AHEbJAZwBqplpAX/Lmj4swbbE
Score 3/10