General

  • Target

    08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771

  • Size

    259KB

  • Sample

    231022-qra6xaae76

  • MD5

    3f63e2a38ace85a22afc82a2bd15906b

  • SHA1

    ad91e4474e0889667fa8a02e6d2a928f1fbc561a

  • SHA256

    08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771

  • SHA512

    cb2e24e7eab6df06a4f68f6f0f73010b6b3d74c9c09d1995cf54b4e09e0afc01c7aa5d927f6c8e0e3636a2a670ab5693e43a506f89c5e11599d3074a7bd2ebf7

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90a5BXTH/:u3d6tevoxpBXj

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://103.234.72.214:1666/pixel.gif

Attributes
  • access_type

    512

  • host

    103.234.72.214,/pixel.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    1666

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3XExQHTGi1JQ8uO72GjcLGC8tS1OJ+I8VE48LC7/SZV9z6iwUQhMh3urLGjr8m0xjzcEyqtkzt11cALA7R2Yp8Uaz/jmT3ZqyenOs1klcT6/iYoJmuq0DAsYPQce8m67+dEqx7nlXLkmrPs+utXGBhp/cuVshBoyGSY+pVWXz1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)

  • watermark

    100000

Targets

    • Target

      08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771

    • Size

      259KB

    • MD5

      3f63e2a38ace85a22afc82a2bd15906b

    • SHA1

      ad91e4474e0889667fa8a02e6d2a928f1fbc561a

    • SHA256

      08111ee4bb50824431c078d83047c4e63e6ca014469657ad0ccffc352201f771

    • SHA512

      cb2e24e7eab6df06a4f68f6f0f73010b6b3d74c9c09d1995cf54b4e09e0afc01c7aa5d927f6c8e0e3636a2a670ab5693e43a506f89c5e11599d3074a7bd2ebf7

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90a5BXTH/:u3d6tevoxpBXj

    Score
    1/10

MITRE ATT&CK Matrix

Tasks