General

  • Target

    07c770c07780bd40a757c0488dc8ab79ea75527e0f19fa9f24bffd6d0b4db46f

  • Size

    259KB

  • Sample

    231010-z3fefade28

  • MD5

    86e3dbb44036b8e8af5176df4d93c85b

  • SHA1

    aa7dd4822dd0094db6c043445ea37a915244da90

  • SHA256

    07c770c07780bd40a757c0488dc8ab79ea75527e0f19fa9f24bffd6d0b4db46f

  • SHA512

    c5fbaf1d2fb8fe91c7c9d881e5c984cb78ad83b4373dab1b8e540122246ef7f1828584ecf13b3cab852cdb81b892aabce410d683b988a346f7c6ac33493a3f08

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90aDBXOH/:u3d6tevoxTBXY

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

666666

C2

http://221.234.44.45:4444/__utm.gif
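
The extracted C2 above, together with the http-post uri, user_agent and polling_time listed under Attributes, is enough to hunt for this beacon in web-proxy logs. What follows is an added example and not part of the report: it classifies requests against the extracted indicators and scores whether a host's http-get check-ins recur at the configured 60000 ms sleep. The log format and the log lines are constructed for the example, and the 25% cadence tolerance is an assumption, since jitter is not among the extracted attributes.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Indicators taken from the extracted config in this report.
C2_GET = "http://221.234.44.45:4444/__utm.gif"
C2_POST_URI = "/submit.php"
USER_AGENT = ("Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; "
              "Trident/5.0; BOIE9;ENGB)")
POLLING_MS = 60000          # polling_time: sleep between http-get check-ins

_c2 = urlsplit(C2_GET)
C2_HOST, C2_PORT, C2_GET_PATH = _c2.hostname, _c2.port, _c2.path

# Constructed proxy log lines in a made-up 'time src method url status "ua"' format.
# 10.0.0.5 checks in every ~60 s and posts output once; 10.0.0.7 is benign noise.
SAMPLE_LOG = "\n".join([
    f'2023-10-10T09:00:00Z 10.0.0.5 GET {C2_GET} 200 "{USER_AGENT}"',
    '2023-10-10T09:00:30Z 10.0.0.7 GET http://example.com/index.html 200 "Mozilla/5.0"',
    f'2023-10-10T09:01:00Z 10.0.0.5 GET {C2_GET} 200 "{USER_AGENT}"',
    f'2023-10-10T09:02:00Z 10.0.0.5 GET {C2_GET} 200 "{USER_AGENT}"',
    f'2023-10-10T09:02:00Z 10.0.0.5 POST http://221.234.44.45:4444/submit.php?id=12345 200 "{USER_AGENT}"',
    f'2023-10-10T09:03:01Z 10.0.0.5 GET {C2_GET} 200 "{USER_AGENT}"',
    f'2023-10-10T09:04:00Z 10.0.0.5 GET {C2_GET} 200 "{USER_AGENT}"',
])

LOG_RE = re.compile(r'^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) "(.*)"$')


def parse_log(text):
    """Yield a dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, method, url, status, ua = m.groups()
        yield {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": src,
               "method": method, "url": url, "status": int(status), "ua": ua}


def match_c2(entry):
    """Classify an entry against the extracted C2: which transaction it looks like, or None."""
    u = urlsplit(entry["url"])
    if u.hostname != C2_HOST or (u.port or 80) != C2_PORT:
        return None
    if entry["method"] == "GET" and u.path == C2_GET_PATH:
        return "http-get"
    if entry["method"] == "POST" and u.path == C2_POST_URI:
        return "http-post"
    return "host-only"      # same team server, unexpected path: still worth triage


def cadence_score(timestamps, expected_ms=POLLING_MS, tolerance=0.25):
    """Fraction of gaps between consecutive check-ins within +/-tolerance of the sleep.
    Jitter is not in the extracted config, so the 25% allowance is an assumption."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() * 1000 for a, b in zip(ts, ts[1:])]
    if not gaps:
        return 0.0
    hits = [g for g in gaps if abs(g - expected_ms) <= tolerance * expected_ms]
    return len(hits) / len(gaps)


def hunt(log_text):
    """Per source host: counts of matched transaction types, UA match, and cadence score."""
    report = {}
    for e in parse_log(log_text):
        kind = match_c2(e)
        if kind is None:
            continue
        r = report.setdefault(e["src"], {"http-get": 0, "http-post": 0, "host-only": 0,
                                         "ua_match": False, "get_times": []})
        r[kind] += 1
        r["ua_match"] |= (e["ua"] == USER_AGENT)
        if kind == "http-get":
            r["get_times"].append(e["ts"])
    for r in report.values():
        r["cadence"] = cadence_score(r.pop("get_times"))
    return report


if __name__ == "__main__":
    for src, r in hunt(SAMPLE_LOG).items():
        print(src, r)
```

Requests to the C2 host on an unexpected path are kept as host-only rather than dropped, so a profile change on the team server does not silence the rule; the cadence score is computed on http-get check-ins only, because http-post transactions happen on demand when the beacon has output.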

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    221.234.44.45,/__utm.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    4444

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0gqcWgJRrz/zICC7d/DCNT0CmCRrNNZPaN2AFqKGa6FpJzN5iM78w0JdFOeaj7Qvh1BpQJamUxsqM98Tw7dxIKZZqLJ0DnyqcC1ZpI3MTeWvsQiIduteWt2sZqmQpduU+F1UDPYiW6na34ezuj/NeNVZRz2A78xlVw/n63Vw9dwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)

  • watermark

    666666
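
The http_header1 and http_header2 values are the base64-encoded client-side transform programs of the beacon's http-get and http-post blocks. The decoder below is an added example, not tooling from the report or the sandbox; it uses the opcode numbering documented by public beacon-config parsers (1768.py and Sentinel-One's CobaltStrikeParser) and is fed the report's two values with their trailing zero padding trimmed. The rendering in Malleable C2 profile syntax is an approximation for reading, and opcode 14 (strrep) is deliberately left unhandled.

```python
import base64
import struct

# Opcodes of Cobalt Strike Malleable C2 client transform blocks, as decoded by
# public beacon-config parsers. Each step is a big-endian uint32 opcode;
# string-taking steps are followed by a uint32 length and the bytes, BUILD by a
# uint32 selecting what is built, and a zero opcode ends the program (the rest
# of the config field is zero padding).
STRING_OPS = {1: "append", 2: "prepend", 5: "parameter", 6: "header",
              9: "const_parameter", 10: "const_header", 16: "const_host_header"}
PLAIN_OPS = {3: "base64", 4: "print", 8: "netbios", 11: "netbiosu",
             12: "uri_append", 13: "base64url", 15: "mask"}
BUILD = 7
# Slot 0 is the client metadata in the http-get block and the session id in the
# http-post block; slot 1 is task output (http-post only).
BUILD_SLOTS = {0: "metadata", 1: "output"}

# The http_header1 / http_header2 values from this report, trailing zero padding trimmed.
HTTP_HEADER1 = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAA"
HTTP_HEADER2 = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAA"
                "BQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAA")


def decode_transform(b64):
    """Decode one base64 transform field into (step, argument) tuples."""
    data = base64.b64decode(b64)
    steps, pos = [], 0

    def u32():
        nonlocal pos
        (v,) = struct.unpack_from(">I", data, pos)
        pos += 4
        return v

    while pos + 4 <= len(data):
        op = u32()
        if op == 0:                     # terminator; the rest is zero padding
            break
        if op == BUILD:
            steps.append(("build", BUILD_SLOTS.get(u32(), "?")))
        elif op in STRING_OPS:
            n = u32()
            steps.append((STRING_OPS[op], data[pos:pos + n].decode("latin-1")))
            pos += n
        elif op in PLAIN_OPS:
            steps.append((PLAIN_OPS[op], None))
        else:                           # e.g. strrep (14) is not handled here
            raise ValueError(f"unhandled transform opcode {op} at offset {pos - 4}")
    return steps


def render_client(steps, post=False):
    """Rewrite decoded steps in Malleable C2 profile syntax (readable approximation)."""
    lines, in_block = [], False
    for name, arg in steps:
        if name == "build":
            if in_block:
                lines.append("    }")
            # the http-post block builds the session id where http-get builds metadata
            lines.append(f"    {'id' if post and arg == 'metadata' else arg} {{")
            in_block = True
        elif name.startswith("const_"):     # applied at client level, outside any block
            lines.append(f'    {name[len("const_"):]} "{arg}";')
        else:
            lines.append(f'        {name} "{arg}";' if arg is not None else f"        {name};")
    if in_block:
        lines.append("    }")
    return "client {\n" + "\n".join(lines) + "\n}"


if __name__ == "__main__":
    # http_method1 / host and http_method2 / uri from the report give the request lines.
    print("http-get  GET /__utm.gif")
    print(render_client(decode_transform(HTTP_HEADER1)))
    print("http-post POST /submit.php")
    print(render_client(decode_transform(HTTP_HEADER2), post=True))
```

Run against the report's values this yields metadata base64-encoded into a Cookie header for http-get, and for http-post a constant Content-Type header, the session id in the id parameter and task output sent as the raw body, i.e. the stock profile, which together with the default user_agent and the __utm.gif / submit.php URIs is why this beacon is easy to signature on the wire.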

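The state_machine value begins with MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ, the DER prefix of a 1024-bit RSA SubjectPublicKeyInfo: the field carries the beacon's RSA public key, which every beacon generated by the same team server shares, so a hash of it is a better key for clustering samples than the C2 address. The parser below is an added example and not part of the report: it walks the DER with a minimal TLV reader, checks the rsaEncryption OID, and returns a fingerprint of the key, using the report's value with its trailing zero padding trimmed (the DER lengths also make it ignore any padding that is left in).

```python
import base64
import hashlib

# The state_machine value from this report, trailing zero padding trimmed.
STATE_MACHINE = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0gqcWgJRrz/zICC7d/DCNT0CmCRrNNZPaN2AF"
    "qKGa6FpJzN5iM78w0JdFOeaj7Qvh1BpQJamUxsqM98Tw7dxIKZZqLJ0DnyqcC1ZpI3MTeWvsQiId"
    "uteWt2sZqmQpduU+F1UDPYiW6na34ezuj/NeNVZRz2A78xlVw/n63Vw9dwIDAQAB"
)

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1


def der_tlv(data, pos=0):
    """Read one DER TLV at pos and return (tag, value, end).
    Definite lengths only, which is all a SubjectPublicKeyInfo uses."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def parse_rsa_spki(spki):
    """Return (modulus, exponent, end_offset) from a DER SubjectPublicKeyInfo."""
    tag, body, end = der_tlv(spki)                 # SubjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, alg, pos = der_tlv(body)                  # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid, _ = der_tlv(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = der_tlv(body, pos)              # subjectPublicKey ::= BIT STRING
    if tag != 0x03 or bits[0] != 0:                # first byte = number of unused bits
        raise ValueError("unexpected BIT STRING")
    tag, rsa, _ = der_tlv(bits, 1)                 # RSAPublicKey ::= SEQUENCE { n, e }
    if tag != 0x30:
        raise ValueError("not an RSAPublicKey")
    _, n_bytes, pos = der_tlv(rsa)
    _, e_bytes, _ = der_tlv(rsa, pos)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big"), end


def decode_state_machine(b64_value):
    """Decode the config field and return (modulus, exponent, exact SPKI bytes)."""
    raw = base64.b64decode(b64_value)
    n, e, end = parse_rsa_spki(raw)
    return n, e, raw[:end]


def key_fingerprint(b64_value):
    """Summarise the beacon public key in a form that is stable across samples."""
    n, e, spki = decode_state_machine(b64_value)
    modulus = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return {
        "bits": n.bit_length(),
        "exponent": e,
        "spki_sha256": hashlib.sha256(spki).hexdigest(),
        "modulus_sha256": hashlib.sha256(modulus).hexdigest(),
    }


if __name__ == "__main__":
    print(key_fingerprint(STATE_MACHINE))
```

The spki_sha256 value is what to pivot on: two samples with different C2 addresses but the same fingerprint were generated by the same team server keypair.
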
Targets

    • Target

      07c770c07780bd40a757c0488dc8ab79ea75527e0f19fa9f24bffd6d0b4db46f

    • Size

      259KB

    • MD5

      86e3dbb44036b8e8af5176df4d93c85b

    • SHA1

      aa7dd4822dd0094db6c043445ea37a915244da90

    • SHA256

      07c770c07780bd40a757c0488dc8ab79ea75527e0f19fa9f24bffd6d0b4db46f

    • SHA512

      c5fbaf1d2fb8fe91c7c9d881e5c984cb78ad83b4373dab1b8e540122246ef7f1828584ecf13b3cab852cdb81b892aabce410d683b988a346f7c6ac33493a3f08

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90aDBXOH/:u3d6tevoxTBXY

    Score
    1/10
