Overview

overview

10

Static

static

10

2dd90e1a05...42.dll

windows7-x64

1

2dd90e1a05...42.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2dd90e1a054659819256226000b0f7369e1e1b13a0616195cae245530c149942

  • Size

    259KB

  • Sample

    231018-bfmcgabg99

  • MD5

    3de1dfa55363ecb85f073a6f9ddcf30b

  • SHA1

    2adf79fee109c6750e0e06a819f5b91c8f6fdfe8

  • SHA256

    2dd90e1a054659819256226000b0f7369e1e1b13a0616195cae245530c149942

  • SHA512

    1ac2a21afd39246ecb2c1b528a5fb1f6fdf676754b7f1186396cd2d8447bfb7e8e1fa2236200c7b13b3ca17676aa188f59646910397c7a4d6474df66c55e61c4

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90arBX/H/:u3d6tevoxbBXH

Score
10/10
cobaltstrike100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.166.130:80/pixel.gif

Attributes
  • access_type

    512

  • host

    192.168.166.130,/pixel.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJgWcnT0lmi16tB1A1Qvf9ZiQ8qMY8x8/FEihaa8NmbdRqczjpRTulP9OdHjrbQq1rxTtM5BA95xjePLSSnuzeFHGWw50U0mWGcu5WdfoJxwrs9tKIhQ3hcLoS3UKeEX8LcQjfa2hyqgmwmwwzlvBDx9tbCdQUvNb0BcsGyaxKmQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

  • watermark

    100000

Targets

    • Target

      2dd90e1a054659819256226000b0f7369e1e1b13a0616195cae245530c149942

    • Size

      259KB

    • MD5

      3de1dfa55363ecb85f073a6f9ddcf30b

    • SHA1

      2adf79fee109c6750e0e06a819f5b91c8f6fdfe8

    • SHA256

      2dd90e1a054659819256226000b0f7369e1e1b13a0616195cae245530c149942

    • SHA512

      1ac2a21afd39246ecb2c1b528a5fb1f6fdf676754b7f1186396cd2d8447bfb7e8e1fa2236200c7b13b3ca17676aa188f59646910397c7a4d6474df66c55e61c4

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90arBX/H/:u3d6tevoxbBXH

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks