Overview

overview

10

Static

static

10

ec1b9feb82...71.dll

windows7-x64

1

ec1b9feb82...71.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec1b9feb82230cfac16393620d3a292bd5d6625f024573fc231ea953688f0471

  • Size

    259KB

  • Sample

    231025-3leclahc93

  • MD5

    9baa9277655db17c2c12562fc5d4b9d0

  • SHA1

    3815b1db088173b226c335c20fb63763d92d9afc

  • SHA256

    ec1b9feb82230cfac16393620d3a292bd5d6625f024573fc231ea953688f0471

  • SHA512

    132eb02b137e3a38a426f527d7e6fdb5701816dd82c2de250e1ea509df84dab6d9bc99f3a31e9db04c76cd2dc249c176728ab8a37c239dd8167e36c60b2fb736

  • SSDEEP

    6144:uJqXG5d1Ip8yibgkTZI6jHID90agNBXDH/:u9d6devoxQNBXz

Score
10/10
cobaltstrike100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://www.francy.world:8443/updates.rss

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    www.francy.world,/updates.rss

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

  • watermark

    100000

Targets

    • Target

      ec1b9feb82230cfac16393620d3a292bd5d6625f024573fc231ea953688f0471

    • Size

      259KB

    • MD5

      9baa9277655db17c2c12562fc5d4b9d0

    • SHA1

      3815b1db088173b226c335c20fb63763d92d9afc

    • SHA256

      ec1b9feb82230cfac16393620d3a292bd5d6625f024573fc231ea953688f0471

    • SHA512

      132eb02b137e3a38a426f527d7e6fdb5701816dd82c2de250e1ea509df84dab6d9bc99f3a31e9db04c76cd2dc249c176728ab8a37c239dd8167e36c60b2fb736

    • SSDEEP

      6144:uJqXG5d1Ip8yibgkTZI6jHID90agNBXDH/:u9d6devoxQNBXz

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks