General
-
Target
230914-01-Cobaltstrike.zip
-
Size
811KB
-
Sample
231014-bh1ymsah58
-
MD5
2e75d1c793dcbb587b876a1ec52f5ab2
-
SHA1
a84209c77ba8114aa3aa6c28de38df1742371120
-
SHA256
5a275a65041370902a39ff51fec381ce0aa14bceadaab37f21410bd5cf7765dd
-
SHA512
a7a78b243b74225a45723fe16b9a800276f8baf6912d2512712f21a53f21f816021b350e3a3f3060025d79973da693b5687b09b0524c8475f25ad8b00c062d2a
-
SSDEEP
24576:Yi73ZZ9ls6JUOM6Owv0Cx9S/Shpyx8N6K+rSOJPed:Yi73Z3vJbl9tIxPM
Static task
static1
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://206.237.17.176:8443/pixel.gif
-
access_type
512
-
beacon_type
2048
-
host
206.237.17.176,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjuYvf60BtyAlDz4ZCanpB8v1IvFxQcW0TQKIZjXTFbkjUyweLLei6qqrEnPa5Zigs2v9ivFyBLwSLlcZeg2LLxUz67Ka+ee/AVGG0bSX3Kye/QF6mz7qIXer/C0A9AJjUQdYKU62tbjZXdbQuTnUZ/kC0NB6CCi7Q8fhDbpsrwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
main.exe
-
Size
1.8MB
-
MD5
cde98fef18f15ebc886f13cbd446228e
-
SHA1
4ef7fead6e24a5f93b21712e049632fba7baf7f0
-
SHA256
11924363bbb2981801b4680310b2de31a44774868ded45f228f7e03179bc3bd9
-
SHA512
fcb65475cfe7d5ed96b080bfadcb1536bb377a83d67b71c0b50c0b80b6a36f9d9d8a61f8b3d971616b7493e6b3b574b3df6e1efeedece53d7716a18e25f70acd
-
SSDEEP
49152:TNtnbcPlbu3NNZPz5jqivGhZYgdX4lGD1:2o3/ZZj
Score 10/10 -