Overview

overview

10

Static

static

10

4cdba72883...4e.ps1

windows7-x64

4cdba72883...4e.ps1

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    4cdba728838e8edf599700755d579f4e

  • Size

    193KB

  • MD5

    4cdba728838e8edf599700755d579f4e

  • SHA1

    4f7e6f9b34995f4a1f5eaccb143d310d7b823482

  • SHA256

    59a4baa9d3ef8a6431e30b234e20654fcdf0b06a95df18e5eb7bdd77e9296152

  • SHA512

    a64e56b4ef6993196678dacc6f4d6b558c2301f7e317303b012f063c0586d35e5ac53f44eea7b562b807654cf60a6a084f4f64c2e08990aa063821b0020853fe

  • SSDEEP

    6144:b088Gtgsxs6kn02zKoerd/U1vFzhV/zVg:Y8yDAphc1vdhVRg

Score
10/10
0cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://zaebkaor.com:80/access/

Attributes
  • access_type

    512

  • host

    zaebkaor.com,/access/

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACBIb3N0OiBhdWRpby1zdjUtdDEtMy5wYW5kb3JhLmNvbQAAAAoAAABIQ29va2llOiAgX191dG1hPTM2NDYyMTM1OS41MjM0NjE5MDU3LjE3NjIzMzM0MTYuMjg1MTMzMDAxOC43MTg3OTE1MTIwLjM7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD0wMzIzMzY5OTAwAAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAFUhvc3Q6IHd3dy5wYW5kb3JhLmNvbQAAAAcAAAAAAAAABQAAAANyaWQAAAAJAAAADmxpZD0zNDY5MDI4Njg1AAAACQAAAB9tZXRob2Q9Z2V0U2VhcmNoUmVjb21tZW5kYXRpb25zAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    280

  • port_number

    80

  • sc_process32

    %windir%\syswow64\mstsc.exe

  • sc_process64

    %windir%\sysnative\mstsc.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVAlI5gsqLmv0LMK7XfagjTJhvYL6pITW7wU3zzqiFp6AYbdmwV+5VItzRiMOMiepe25BU9i5d7Rnf040evd4cHTg8U9ABVNnaimZla/yEI91SesyKURkVEB8ZqE5XXRi83nZmcbvlcDoG/0Mip2eur4L7PPsEOM08TnrpjeGACQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    7.382016e+08

  • unknown2

    AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /radio/xmlrpc/v35

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0

  • watermark

    0

Signatures

Files

  • 4cdba728838e8edf599700755d579f4e
    .ps1