General

  • Target

    1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8

  • Size

    259KB

  • Sample

    240221-jf5g2sda3y

  • MD5

    5f6ef1de8f5e502ea6bf1bd701fbae64

  • SHA1

    a018dc39308c6055543a3f9ebc8fefbda2ea871f

  • SHA256

    1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8

  • SHA512

    ccf610cd587b56512b550e37288b2f0a75ba63bcbc5185c59ead3bed610ece5fe81d480b540c7ce10dc7d8631217aa482ade6cac6faaf20a0600fdd3392fb262

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90acBXDxH/:u3d6tevoxMBXD9

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://124.221.101.123:8080/cx

Attributes
  • access_type

    512

  • host

    124.221.101.123,/cx

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • unknown1

    4096

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

  • watermark

    100000

Targets

    • Target

      1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8

    • Size

      259KB

    • MD5

      5f6ef1de8f5e502ea6bf1bd701fbae64

    • SHA1

      a018dc39308c6055543a3f9ebc8fefbda2ea871f

    • SHA256

      1e4709ae68528459ee177c2c8121f97339356d846ab6beb4fca30d41cd8126e8

    • SHA512

      ccf610cd587b56512b550e37288b2f0a75ba63bcbc5185c59ead3bed610ece5fe81d480b540c7ce10dc7d8631217aa482ade6cac6faaf20a0600fdd3392fb262

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90acBXDxH/:u3d6tevoxMBXD9

    Score
    1/10

MITRE ATT&CK Matrix

Tasks