cobaltstrike | b68e3d34cadd53258835891d71f40eb21bb7de9ec96a646188b9132edbe17641

General

Target

b68e3d34cadd53258835891d71f40eb21bb7de9ec96a646188b9132edbe17641
Size

205KB
Sample

231001-pkfx5scb56
MD5

f7380faf26480cefb64d52dae429d7b4
SHA1

781f2806e860b61c2ae123e76e3e31a5edbcead0
SHA256

b68e3d34cadd53258835891d71f40eb21bb7de9ec96a646188b9132edbe17641
SHA512

842d8f5dc255bd7591dfd5308f9acc6834d297d01141e6fb9ed2790c4356fba657b309966ce7314b4777f82e19d6f3ea8dd1c6fb3af42dd3b2afbbc043ac23b3
SSDEEP

3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUF5W2x:v/MEfuN0t8C5oFsoeRM3o0jq

Score

10^/10

cobaltstrike 426352781

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://103.106.190.207:80/activity

Attributes

access_type
512
host
103.106.190.207,/activity
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChHZITvuNE2QVsdizHGG8YmY9gzdkZrOh7lOUfcj2SV9Huo6ZabXcjaELr2BFkGZImlUvBJYTkTZBR94wd7HnRyxOfGHfv6aH4FiSLRCUtg2G6tLuGDtxrZHvZSDQ3SmxvOphU/QUYJN3B8xLRoBkB0nAfRKffQ0w2OxEHcf9wfQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
watermark
426352781

Targets

- Target
  
  b68e3d34cadd53258835891d71f40eb21bb7de9ec96a646188b9132edbe17641
- Size
  
  205KB
- MD5
  
  f7380faf26480cefb64d52dae429d7b4
- SHA1
  
  781f2806e860b61c2ae123e76e3e31a5edbcead0
- SHA256
  
  b68e3d34cadd53258835891d71f40eb21bb7de9ec96a646188b9132edbe17641
- SHA512
  
  842d8f5dc255bd7591dfd5308f9acc6834d297d01141e6fb9ed2790c4356fba657b309966ce7314b4777f82e19d6f3ea8dd1c6fb3af42dd3b2afbbc043ac23b3
- SSDEEP
  
  3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUF5W2x:v/MEfuN0t8C5oFsoeRM3o0jq
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2