General

  • Target

    NEAS.a442ae5c76072873c8799ce6d53674d0.exe

  • Size

    260KB

  • Sample

    231021-1ba63shf79

  • MD5

    a442ae5c76072873c8799ce6d53674d0

  • SHA1

    b59937538aae8bfb005a80d52c13e4a9a822b321

  • SHA256

    d58a1d317dab76b48efcba63c84b74949e2a958487cabe350379799b7492f2a7

  • SHA512

    e75c1c56b7d23091222ad93b42f24b92daf8bccd51d777ad92c0fd9df1f22d9d3a4c6fec64ef3516d805823e29e1e6dafdaee18df6f094df08e4de14588d50fd

  • SSDEEP

    3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGl5w9tQYJ1b/S1PGoB:7c0bPzIpt8ahTw8PHA8itQWQvBuE

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://192.168.211.128:80/pixel

Attributes
  • access_type

    512

  • host

    192.168.211.128,/pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRrA1HtdLhwlY+stYJm/kbwjRGqOwb62mg+e06TH/zN6ULirCAETzcqKAT+LF5lN03VQQiJJSLDpzD3TIP7j5ddfpokZBMSjETyde3h/wGvMjD83jM3ODnoygLFbSXPReIDGqKI1L/AN0wkF396OUsR/OsW+TGBpTcxB1wnBCAIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)

  • watermark

    426352781

Targets

    • Target

      NEAS.a442ae5c76072873c8799ce6d53674d0.exe

    • Size

      260KB

    • MD5

      a442ae5c76072873c8799ce6d53674d0

    • SHA1

      b59937538aae8bfb005a80d52c13e4a9a822b321

    • SHA256

      d58a1d317dab76b48efcba63c84b74949e2a958487cabe350379799b7492f2a7

    • SHA512

      e75c1c56b7d23091222ad93b42f24b92daf8bccd51d777ad92c0fd9df1f22d9d3a4c6fec64ef3516d805823e29e1e6dafdaee18df6f094df08e4de14588d50fd

    • SSDEEP

      3072:7c0nsHpyvGj346lbkBN/gppj8aJGIhxjT3A8ygbLAZmitdGl5w9tQYJ1b/S1PGoB:7c0bPzIpt8ahTw8PHA8itQWQvBuE

    Score
    1/10

MITRE ATT&CK Matrix

Tasks