cobaltstrike | d3284bef52954edbfae478c79b74e35cbc144059dd79c5ea207abf67bbfbd66e

General

Target

d3284bef52954edbfae478c79b74e35cbc144059dd79c5ea207abf67bbfbd66e
Size

257KB
Sample

231024-fagl9aae6x
MD5

8228db2a76f9a5ba7ba4a72ace6fbd90
SHA1

0da20eb0e9e4db95b6b1f071d9b5422eba4f672f
SHA256

d3284bef52954edbfae478c79b74e35cbc144059dd79c5ea207abf67bbfbd66e
SHA512

617b64d62ee6291ebc190823f317379aab4287bfeb8498110f5011e4ebc102b87cc8f9973c29cc5a8bb1366df7ad3ee43ea53333f381fbe8773119bdca710614
SSDEEP

3072:nsYckn3Xzq4IDwSK2Mb1KdEJwJNJsCwQTIfXouPruOOTRK9BQYJerCoAP:nsYwjwI7dEJweGTIDjhOTREQ8f

Score

10^/10

cobaltstrike 1234567890

Malware Config

Extracted

Family

cobaltstrike

Botnet

1234567890

C2

http://47.98.111.20:80/c/msdownload/update/others/2021/02/123125789_

Attributes

access_type
512
host
47.98.111.20,/c/msdownload/update/others/2021/02/123125789_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAMAAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAUAAAAJdXBkYXRlX2lkAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
6400
polling_time
34000
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoi08xPOFKPAOtJf1r7hsS+g8w4KJ+Cc5pNC9S3UuZlYFI5pmKxzm8Ij1wvcOT0MNUC4CJnNrViNpHG+TXTalWQU25Gno8DMcEMHvp6r7t56pc7bgk0O6KDiW5v8wMtcR6mBqOd0tX6x4vJZzp9SPFf1trjYnklAKCTgBMOT4fswIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/c/msdownload/update/others/2021/02/129321231_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
watermark
1234567890

Targets

- Target
  
  d3284bef52954edbfae478c79b74e35cbc144059dd79c5ea207abf67bbfbd66e
- Size
  
  257KB
- MD5
  
  8228db2a76f9a5ba7ba4a72ace6fbd90
- SHA1
  
  0da20eb0e9e4db95b6b1f071d9b5422eba4f672f
- SHA256
  
  d3284bef52954edbfae478c79b74e35cbc144059dd79c5ea207abf67bbfbd66e
- SHA512
  
  617b64d62ee6291ebc190823f317379aab4287bfeb8498110f5011e4ebc102b87cc8f9973c29cc5a8bb1366df7ad3ee43ea53333f381fbe8773119bdca710614
- SSDEEP
  
  3072:nsYckn3Xzq4IDwSK2Mb1KdEJwJNJsCwQTIfXouPruOOTRK9BQYJerCoAP:nsYwjwI7dEJweGTIDjhOTREQ8f
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2