cobaltstrike | a73eadb907783e34e9c8e1ee2e110d78

General

Target

a73eadb907783e34e9c8e1ee2e110d78
Size

213KB
MD5

a73eadb907783e34e9c8e1ee2e110d78
SHA1

3b489177e75f10a65931ba0c50e14f392e6f9084
SHA256

da60b29c2d135e90b2393652ffd8ee0d1cecaa5d2ab2bac2740baa285769ba8c
SHA512

a24052d0aab9deccbf844d5c2a8b70506ee43370cccab5e9b4876960f5d1cb1c4967df97194cf9ac92e15bc8a725f7eb53b9bf29091e644913174837c4fd2217
SSDEEP

3072:u+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZU71+Unw6EE:zHEbJAZwBqplpAX/LmjYpbE

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://114.33.71.29:8090/s/ref=nb_sb_noss_1/591-57121344-2366315/field-keywords=year

Attributes

access_type
512
beacon_type
2048
dns_idle
1.743977421e+09
host
114.33.71.29,/s/ref=nb_sb_noss_1/591-57121344-2366315/field-keywords=year
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy1jZVdVMU9TUzIzZm5sYzNRdHNRc3w5MDU0ODgwNDgyMTA1AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz04OTczAAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3328
maxdns
244
polling_time
6000
port_number
8090
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCoSzQHgUYWswkVUhKl3Lj6KfDNR36Skh0aB4AR1PgALDH/iD+k+RVgggZcM9Ka1H26iqiMDp3Fb2tAFLveBqoKsWONB30w7AGah+duPOAA9EjNnBqyyQKv7jesNkgNkgpN0Ht5Gugc/l8+0KMLF32cg95SqEUR711VRvY5ufUJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.896833024e+09
unknown2
AAAABAAAAAMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N3744/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.25
watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a73eadb907783e34e9c8e1ee2e110d78

Files

a73eadb907783e34e9c8e1ee2e110d78
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 211KB - Virtual size: 210KB

.rsrc Size: 1024B - Virtual size: 672B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 211KB - Virtual size: 210KB

.rsrc
Size: 1024B - Virtual size: 672B

.reloc
Size: 512B - Virtual size: 12B