User tags
Threatview.io Proactive Hunter

General

  • Target

    火绒.exe.1

  • Size

    9MB

  • Sample

    231207-y4n8asfd29

  • MD5

    180672edc8f3976d1d3c753243dcc7a7

  • SHA1

    676fb839d81259e3455d1e86703589111c47f3b7

  • SHA256

    7ddb232a675e2a4a1cc2d23c2c3f622ba55b39ee5e61d1acf50e71381a6bc7da

  • SHA512

    58c6897056c41ee360d6f5e6e80aca96314e7ec225909af5fef81dcae3270d90beca13bb6dd3ac7d3efb772c7641cea18ef3c85f91a564bf6d6b698acfaa0c6f

  • SSDEEP

    196608:lgE4nd8QO87G50mr2puHUHNT29onJ5hrZEOe9tGPqKPNqTbCGRWJ9h:+E4GW7GKmr2pu0tT29c5hlEcPNA3Pg

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://117.50.163.113:8111/js/main.js

Attributes

  • access_type

    512

  • host

    117.50.163.113,/js/main.js

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    500

  • port_number

    8111

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtELbD69mDAu2VN13EyEvVBnViy+q90bBqVNerdBK1Ywkq/RXvBXReu5btWHSHdHcVt1kaXBvRPCdPa6wn9CRJPBlkLd36Eih5lKazX5YSBHDJy9o0IWgn3JHfbp+8ld+PBqflzwYQu57MM5zhrdcnQCjXLjpV84Ezr5hJr35tawIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.002130176e+09

  • unknown2

    AAAABAAAAAIAAAEcAAAADQAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /login

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

  • watermark

    391144938
