Overview

overview

10

Static

static

10

TS-240220-UF7.exe

windows7-x64

TS-240220-UF7.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TS-240220-UF7.exe

  • Size

    204KB

  • Sample

    240220-tzytqabd31

  • MD5

    180706b330b507e9f5dbf30fb47c1871

  • SHA1

    b00fcfcd58522c435a891c14afd2e6df1718693f

  • SHA256

    2d17d857305ffb2df0ec48cd461a038b0b3e719c1e4d76902dfc038ec196cbd5

  • SHA512

    2e1b77b31edf5c21eb2752f3ecd6a48a5e31588af5562d228e3171e85b8464cf3d793705fd32be90e25423ce01a102a656f1c03eb4220d042f8631a456f8b71a

  • SSDEEP

    3072:shKoz8KKJ39Mr54g1Eqv+H48cOShMQLYAwdxAKRarTtb0Gl:mIKKV29bGjYXOfqYAwRapYGl

Score
10/10
cobaltstrike305419896

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://68.183.111.170:443/en_US/all.js

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    68.183.111.170,/en_US/all.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCChJ5VRRRERu5aWno+2Ui43z91EoUsP5ibovQzajEId2E00xb9XOCB7aum038Z0gPz5hhl1jwWLyEK8Mj5fdCBd0mkkZqlYGjAcQiQ5AMJEt4+Cl/UFgQOxITj23qRlUGzqW78hJ6SeMcGG06RpxtAUqXIQGv1oBqbUf4kjJcEnwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

  • watermark

    305419896

Targets

    • Target

      TS-240220-UF7.exe

    • Size

      204KB

    • MD5

      180706b330b507e9f5dbf30fb47c1871

    • SHA1

      b00fcfcd58522c435a891c14afd2e6df1718693f

    • SHA256

      2d17d857305ffb2df0ec48cd461a038b0b3e719c1e4d76902dfc038ec196cbd5

    • SHA512

      2e1b77b31edf5c21eb2752f3ecd6a48a5e31588af5562d228e3171e85b8464cf3d793705fd32be90e25423ce01a102a656f1c03eb4220d042f8631a456f8b71a

    • SSDEEP

      3072:shKoz8KKJ39Mr54g1Eqv+H48cOShMQLYAwdxAKRarTtb0Gl:mIKKV29bGjYXOfqYAwRapYGl

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks