Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74f2a577ff603134382ff997f61c4ab3

  • Size

    203KB

  • Sample

    240125-tqsw4sbcgk

  • MD5

    74f2a577ff603134382ff997f61c4ab3

  • SHA1

    cd49688fa20d98a91cfb0ccd4032965664073016

  • SHA256

    2d3df290ce089705fa77ab9a6d7ec4ef491aa83f087040b4e1ef41785931e7f5

  • SHA512

    c44ba0f53143517ae9a1c0d8b7008c13c5604df8b566988fd3abd8dacb494a8cfa7298ec5a484c6bf54fbba53c844fe39de5f7ae2840dc26e2070ac78cab5ee4

  • SSDEEP

    6144:ve8ao6Zjm5W96ZoCyCZHj0SEGvgGvWxNhoHhy:vvcjIuCyC5IbTxNhShy

Score
10/10
cobaltstrike1359593325

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://pypi.python.org:443/latest/pip-check

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    pypi.python.org,/latest/pip-check

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5weXRob24ub3JnLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAdfX3V0bXo9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfUmVmZXJlcjogaHR0cDovL3d3dy5weXRob24ub3JnLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAGX191dG16AAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • polling_time

    1000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKe2aQ+F54Gt1hWz91/LMbezy8lWmWopgu7blJ8e54/cHj/H9LdSgcbFuPNmSHJjOYH8RaoYhPU6oRCSXGVBJUqG/lSfkb2M0kNE3gK7thBA9BGrEyng9nAgFZWKmkHwHkVHJ93NYHVXq4IrU43gSh/aPYfIYd5iEW5Z1wwX3dEwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.733629184e+09

  • unknown2

    AAAABAAAAAEAAAACAAAAAgAAAAoAAAACAAAAAAAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /latest/check

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36

  • watermark

    1359593325

Targets

    Tasks