General

  • Target

    94d91032d0b36d553a1045e3aae365e13bd9d6d6a2fc4d0bb4fe722f31af904e

  • Size

    259KB

  • Sample

    231011-sy4g5shh29

  • MD5

    b0c40e292dccaa0bd8b277404d58aae4

  • SHA1

    381a80919c3920b9de1a05f5e9122d1086904b42

  • SHA256

    94d91032d0b36d553a1045e3aae365e13bd9d6d6a2fc4d0bb4fe722f31af904e

  • SHA512

    ee4dd99316610a29004ff14e791e3957f3be35603e18540b197b80f4661db18690fee38443f71f68eb3d78d4a3493a0ad7a89fcb3b24df9aff4d574b44dc583d

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90abBXqH/:u3d6tevoxrBXc

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://39.101.69.72:11111/updates.rss

Attributes
  • access_type

    512

  • host

    39.101.69.72,/updates.rss

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    11111

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDabItIKqA2lxr4XuG1GIkQykzYfu6m5ooWRAcqul7qPRf4bERxPRN0qsi+eudidk7ofh+6HbiRv7U3RDPcN6EguFk/nFL3dEccWFeh1EnzzW9G7Q/Kl2oX+FLKb/h/f5xBCLiAT1WGjQtBBugv0M+lDALwNI/9YfSv222HrAiGLwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)

  • watermark

    100000

Targets

    • Target

      94d91032d0b36d553a1045e3aae365e13bd9d6d6a2fc4d0bb4fe722f31af904e

    • Size

      259KB

    • MD5

      b0c40e292dccaa0bd8b277404d58aae4

    • SHA1

      381a80919c3920b9de1a05f5e9122d1086904b42

    • SHA256

      94d91032d0b36d553a1045e3aae365e13bd9d6d6a2fc4d0bb4fe722f31af904e

    • SHA512

      ee4dd99316610a29004ff14e791e3957f3be35603e18540b197b80f4661db18690fee38443f71f68eb3d78d4a3493a0ad7a89fcb3b24df9aff4d574b44dc583d

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90abBXqH/:u3d6tevoxrBXc

    Score
    1/10

MITRE ATT&CK Matrix

Tasks