cobaltstrike | 3d92974c5302225327065e11f7678b3d2f96f64e66a1ea2bf6e0fe9b65f9a69c

Sharing

Copy URL

Twitter E-mail

General

Target

1972-55-0x0000000002C30000-0x0000000003C31000-memory.dmp
Size

16.0MB
Sample

240303-ztndpagd4x
MD5

61de995c28d2acea51248af5df37d175
SHA1

da28d02a85e7e927e9126531b3038cdcb5b074cf
SHA256

3d92974c5302225327065e11f7678b3d2f96f64e66a1ea2bf6e0fe9b65f9a69c
SHA512

b774e28a172a3a468abbbfeaead45ffed5b6a7350a4385680851c492059a6112f2eb6645cef1deecdc4b20f4644c622577ad7402fdfe64cd188f97fb7f004ec0
SSDEEP

6144:yJqVG5d1IpMyibgkTZI6jHID90alKBXfH/:y3d6tevoxUBXn

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

http://120.78.228.153:443/center/update_

http://120.78.170.89:443/center/update_

http://60.205.203.120:443/center/update_

http://101.200.58.59:443/center/update_

http://47.96.152.43:443/center/update_

http://47.96.184.209:443/center/update_

Attributes

access_type
512
beacon_type
2048
host
120.78.228.153,/center/update_,120.78.170.89,/center/update_,60.205.203.120,/center/update_,101.200.58.59,/center/update_,47.96.152.43,/center/update_,47.96.184.209,/center/update_
http_header1
AAAACgAAAA1BY2NlcHQ6IGltYWdlAAAAEAAAAA1Ib3N0OiAzNjAuY29tAAAACgAAABlSZWZlcmVyOiBodHRwczovLzM2MC5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAA1BY2NlcHQ6IGltYWdlAAAAEAAAAA1Ib3N0OiAzNjAuY29tAAAACgAAABlSZWZlcmVyOiBodHRwczovLzM2MC5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAAMAAAAFAAAAB1NFU1NJT04AAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
2000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC00x/YenIm1WvU3f0GohhnnLcHou4dJiz3wNHILmAlAbMYzVUbXJanIwLYvbtLi+UQoZjc5aRwS6qgdE7YOfz9oSs4r9EGsYgtRh4MedK697imUg2eNGhU62Vao9Uv0HSxIDl6GQ7Aw9CHSXuV39gdp+eVFr3PA978yTahEpr3KQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.767183616e+09
unknown2
AAAABAAAAAEAAAAIAAAAAgAAAAkAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/center/upload_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
watermark
100000

Targets

Tasks

static1

100000cobaltstrike

Score

10^/10