cobaltstrike | 1744-12-0x0000000000450000-0x00000000004D7000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1744-12-0x0000000000450000-0x00000000004D7000-memory.dmp
Size

540KB
MD5

71e25058785c8ba85cfea63c5b1d751a
SHA1

2bbbdf7cc6b4b77c538ab73c2e4f9315f27358d9
SHA256

183a709be217d1fcccf28db0f19893017cd144d2d83b36be23976d8cb8710054
SHA512

b0363b35bc8b0b844a0f55065b7c8b3c13d83fc57a0b19317dff0fb887a3515742f2d8e32b94df2c1adcab78170977d21887ff197caf0a75feec9cbd21f4674f
SSDEEP

3072:EQj+iGcSiorpclcUGW+GIGmLKKJOc9JLPwfO9K9hjLAKZ71XLhj9UdsrIi2:t+GorWlc7GKJJJLPwW9K9d5Z719jv

Score

10^/10

206546002 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

206546002

http://harmonyshoused.com:443/design/query/9X5M3SOE0F

Attributes

access_type
512
beacon_type
2048
host
harmonyshoused.com,/design/query/9X5M3SOE0F
http_header1
AAAACgAAADhBY2NlcHQ6IGFwcGxpY2F0aW9uL3hodG1sK3htbCwgYXBwbGljYXRpb24vanNvbiwgaW1hZ2UvKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlcy1kbwAAAAoAAAAcQWNjZXB0LUVuY29kaW5nOiAqLCBpZGVudGl0eQAAAAcAAAAAAAAADwAAAA0AAAACAAAABl9XR2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAADdBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24veGh0bWwreG1sAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGx2AAAACgAAAB1BY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5LCBicgAAAAcAAAAAAAAADwAAAAgAAAAFAAAACV9TVUpQTVdUWgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
8960
polling_time
93780
port_number
443
sc_process32
%windir%\syswow64\DevicePairingWizard.exe
sc_process64
%windir%\sysnative\DevicePairingWizard.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN5UAJbAA83lOuZlkNoqHDAdV1F7OJnqUiF3kD6mwuXzJzVpu9+f4l/QIUotuiQA+vvxdM3q/XGu77WogAe90LRUknEdoD6YnU32G/ts9dbSwG6HySt7cLn5B3FsomLWjBbssH9e31TihCUvZbK6PRzmLW4SBgZigBWLXZgu7+SwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8.72947712e+08
unknown2
AAAABAAAAAEAAAOOAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/run/redirect/QD77MO6RQ
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.1805 Safari/537.36 MVisionPlayer/1.0.0.0
watermark
206546002

Signatures

Cobaltstrike family
cobaltstrike

Files

1744-12-0x0000000000450000-0x00000000004D7000-memory.dmp