General

  • Target

    02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8

  • Size

    259KB

  • MD5

    b0eaead88c038d123c0daa06c3278a7b

  • SHA1

    406997795ddc7e0d0e475d49a1d6f128d9c39e75

  • SHA256

    02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8

  • SHA512

    e720b17557094a64536de31afa7c4074f30e0d7da48219bad24a8054ccee7c09ce4e819569c22bfb836746ea9f7fd399a3870b28a2d4050d17f32e3aff5b8f75

  • SSDEEP

    3072:REX+XSzARN6v+Xkce1Z53/gpErbJ21TjPThZb2fQgEz6i0ZcV9CYJYiK+80:REX5ye1bIpErbaTSI5z6i0cCX+

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://ns1.pwns.fun:53/api/x

http://ns2.pwns.fun:53/api/x
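Worked example (added here; not part of the Triage report or of any Cobalt Strike tooling): the host attribute in the list below stores the C2 hosts and their GET URIs as one comma-separated, alternating list, and combining it with port_number, http_method1 and http_method2 gives exactly the two C2 URLs above. The script rebuilds those URLs from the attribute and then runs the hosts against a few constructed HTTP-proxy log lines. The log format, the source addresses and the /submit POST path are made up for the example (the report lists only the GET URI); the config values are the ones in this report.

```python
# Added example, not part of the Triage report. Rebuild the Cobalt Strike C2
# URLs from the extracted `host` attribute and match them against proxy logs.
import re
from typing import Iterable, List, Tuple

# Values copied from the extracted configuration in this report.
HOST_ATTR = "ns1.pwns.fun,/api/x,ns2.pwns.fun,/api/x"
PORT = 53
METHODS = ("GET", "POST")  # http_method1 / http_method2


def parse_host_attr(host_attr: str) -> List[Tuple[str, str]]:
    """Split the host,uri,host,uri,... string into (host, uri) pairs.

    The hosts and their GET URIs are interleaved; an odd element count means
    the string was truncated, so refuse it instead of mis-pairing entries.
    """
    parts = [p.strip() for p in host_attr.split(",") if p.strip()]
    if len(parts) % 2:
        raise ValueError("host attribute has an unpaired entry")
    return list(zip(parts[0::2], parts[1::2]))


def c2_urls(host_attr: str, port: int, scheme: str = "http") -> List[str]:
    """Derive the C2 URL list the report shows from host attribute and port."""
    return [f"{scheme}://{h}:{port}{u}" for h, u in parse_host_attr(host_attr)]


# Constructed proxy-log format: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|HEAD) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/:]+):(\d+)(/.*)?$")


def match_beacon_traffic(lines: Iterable[str], host_attr: str, port: int,
                         methods=METHODS) -> List[Tuple[str, str, str, bool]]:
    """Return (timestamp, client, url, exact) for every request to a C2 host.

    The domain alone is the indicator, so any port is reported; `exact` is
    True when the port and HTTP method also match the beacon's configuration.
    Matching on host rather than URI also catches the POST channel, whose
    URI is not listed in the report.
    """
    hosts = {h for h, _ in parse_host_attr(host_attr)}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a request line in the expected format
        ts, client, method, url, _status = m.groups()
        um = URL_RE.match(url)
        if not um or um.group(1) not in hosts:
            continue
        exact = method in methods and int(um.group(2)) == port
        hits.append((ts, client, url, exact))
    return hits


SAMPLE_LOG = [  # constructed for this example, not taken from the report
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://ns1.pwns.fun:53/api/x 200",
    "2024-01-01T10:00:03Z 10.0.0.5 POST http://ns2.pwns.fun:53/submit 200",
    "2024-01-01T10:00:04Z 10.0.0.7 GET http://example.com:80/ 200",
    "2024-01-01T10:00:05Z 10.0.0.9 GET http://ns1.pwns.fun:80/api/x 404",
]

if __name__ == "__main__":
    print("C2 URLs:", c2_urls(HOST_ATTR, PORT))
    for ts, client, url, exact in match_beacon_traffic(SAMPLE_LOG, HOST_ATTR, PORT):
        print(f"{ts} {client} -> {url} ({'config match' if exact else 'domain only'})")
```

Plain HTTP to TCP/53 is unusual on its own; a proxy or NetFlow query for HTTP on port 53 to any host would surface this beacon even before the domains were known.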

Attributes
  • access_type

    512

  • beacon_type

    256

  • host

    ns1.pwns.fun,/api/x,ns2.pwns.fun,/api/x

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    3000

  • port_number

    53

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1481970944

  • watermark

    100000
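Worked example (added here; not from the report): the report labels the blob above state_machine, but its base64 begins with MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ..., the DER SubjectPublicKeyInfo of a 1024-bit RSA key, followed by zero padding to a fixed-size field. That is the team server's RSA public key, which Beacon uses to encrypt the session metadata it sends home. The script below decodes the blob with a small hand-written DER reader (no third-party packages), checks the rsaEncryption OID, and reports key size, exponent, padding and a SHA-256 of the key usable as a pivot to other samples built on the same team server. The base64 is copied from this report; the lenient decoder's handling of a truncated trailing character is an assumption for copies of the blob that lost their padding.

```python
# Added example, not part of the Triage report. Decode the state_machine blob
# as a DER SubjectPublicKeyInfo (RSA) with zero padding behind it.
import base64
import hashlib
from typing import Dict, Tuple

# Copied from the state_machine attribute of this report.
STATE_MACHINE_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY9"
    "2SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXG"
    "Kj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQAB"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
)

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def _b64decode_lenient(s: str) -> bytes:
    """Decode base64 copied out of a report: whitespace and '=' are repaired.

    Assumption: a trailing single character can only come from a truncated
    copy (it carries no whole byte), so it is dropped instead of failing.
    """
    s = "".join(s.split()).rstrip("=")
    if len(s) % 4 == 1:
        s = s[:-1]
    return base64.b64decode(s + "=" * (-len(s) % 4))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER tag-length-value at buf[pos]; return (tag, value, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _expect(tag: int, want: int, what: str) -> None:
    if tag != want:
        raise ValueError(f"expected {what} (tag 0x{want:02x}), got 0x{tag:02x}")


def parse_rsa_spki(der: bytes) -> Tuple[int, int, int]:
    """Parse SubjectPublicKeyInfo; return (modulus, exponent, DER length)."""
    tag, spki, der_len = _read_tlv(der, 0)
    _expect(tag, 0x30, "SubjectPublicKeyInfo SEQUENCE")
    tag, alg, p = _read_tlv(spki, 0)
    _expect(tag, 0x30, "AlgorithmIdentifier SEQUENCE")
    tag, oid, _ = _read_tlv(alg, 0)
    _expect(tag, 0x06, "OBJECT IDENTIFIER")
    if oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = _read_tlv(spki, p)
    _expect(tag, 0x03, "BIT STRING")
    if bits[0] != 0:
        raise ValueError("unexpected unused-bits count in BIT STRING")
    tag, rsapub, _ = _read_tlv(bits[1:], 0)   # RSAPublicKey ::= SEQUENCE {n, e}
    _expect(tag, 0x30, "RSAPublicKey SEQUENCE")
    tag, n_raw, q = _read_tlv(rsapub, 0)
    _expect(tag, 0x02, "modulus INTEGER")
    tag, e_raw, _ = _read_tlv(rsapub, q)
    _expect(tag, 0x02, "exponent INTEGER")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big"), der_len


def decode_state_machine(b64: str) -> Dict[str, object]:
    """Summarise the blob: key parameters plus a hash of the bare SPKI."""
    blob = _b64decode_lenient(b64)
    n, e, der_len = parse_rsa_spki(blob)
    der = blob[:der_len]
    return {
        "modulus_bits": n.bit_length(),
        "exponent": e,
        "der_len": der_len,
        "blob_len": len(blob),
        "padding_all_zero": not any(blob[der_len:]),  # everything after the DER
        "spki_sha256": hashlib.sha256(der).hexdigest(),  # pivot across samples
    }


if __name__ == "__main__":
    for k, v in decode_state_machine(STATE_MACHINE_B64).items():
        print(f"{k}: {v}")
```

The SPKI hash, not the sample hash, is the value worth tracking: every beacon generated by the same team server embeds the same public key, so it links payloads that share none of the file hashes above.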

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 02ca69bf30c90b9a5ad9017fb0cf07295900f603a1f715f9d74b6a6924513df8
    .dll windows:5 windows x64

    afa8a53d34abf71b58ad3e605d7f958b

