General

  • Target: 2ce1e1c56c82708afcdcfccc8c3892f7
  • Size: 204KB
  • MD5: 2ce1e1c56c82708afcdcfccc8c3892f7
  • SHA1: a9b57f3ab08bfc51e7e1cdc93036035a0086f1ad
  • SHA256: f551e2fe91759214b38f06d03c73f8afcc6171bf0218439106b00533855b4639
  • SHA512: a878bed4a8a1d93245077dab57c64e49b50f2af628a28e0fe59a64b1ca50d1e9f765c6b287dc22f10ed58deccbceb7d9ae388713940e3b7c562e51b2a8c471bc
  • SSDEEP: 6144:6gcAT9NFl6yaM8ADqlkGFalzWSOlBOcE+7Wp1u:/l9NT6yFkknaScUc3Eg

Score: 10/10

Malware Config (extracted)

  • Family: cobaltstrike
  • Botnet: 305419896
  • C2: http://47.106.217.103:30001/cx

Attributes

  • access_type: 512
  • host: 47.106.217.103,/cx
  • http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • http_method1: GET
  • http_method2: POST
  • maxdns: 255
  • polling_time: 60000
  • port_number: 30001
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEPE7aSDfNzW8UbUF15Z6ci63+7H1uuneni9UgKKbihdkDP1p0SR95/7xX0ebKgerN4AaRpTvzgNcOuKNtYQw6COOYGHUS5JxZ+KG1aAvNfFRy8mwWmsx5gBhmErm0Xb3krHbFVOhsl7Qko/1NHx2pluP0zrKO+JEFhU7KQ1l7aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • unknown1: 4096
  • unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • uri: /submit.php
  • user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
  • watermark: 305419896

Signatures

Files

  • 2ce1e1c56c82708afcdcfccc8c3892f7