cobaltstrike | 2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166

General

Target

2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
Size

259KB
Sample

240312-hq5p5ach99
MD5

83394c52f43a700d6773c8180758800c
SHA1

28e2e14004648eeaa4ea7e65533aeeac5dc86ad6
SHA256

2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
SHA512

20482a566d69d78729573160ac4f05275a900224a3310593636f155b54da3e07f504dccd398343a83afb72657d1e74426968619ddf328f5538e0e53a74d4ccc8
SSDEEP

6144:/EG8cIDtrGIpDjr4OVMvvOJJMmGMmw9IAPBWH/:8QIDtr/Zjr1VMvv4JMJMPIAPBQ

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://111.229.142.238:88/c/msdownload/update/others/2022/03/29136388_

Attributes

access_type
512
beacon_type
2048
host
111.229.142.238,/c/msdownload/update/others/2022/03/29136388_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAYSG9zdDogd3d3LmNoYW5lbmVyZ3kuY29tAAAABwAAAAAAAAANAAAAAQAAAAQuY2FiAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAYSG9zdDogd3d3LmNoYW5lbmVyZ3kuY29tAAAABwAAAAAAAAAFAAAACXVwZGF0ZV9pZAAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5120
polling_time
2000
port_number
88
sc_process32
%windir%\syswow64\WerFault.exe
sc_process64
%windir%\sysnative\WerFault.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcVn/Q1SFs8Ez3qpSw7HyCwZiGhfB0U4kaa+1QVehZQy62WbutdsfQ0+ucTt66SPOSbI192ts2jp0oHkI1lRpdPunUCA+8fFXuNdCb/ZsbA5bRQZhZHTQE9gwGgF4ieb6elCAW3WaUH34pVeB4bE0PVUC/4DF//A6AJQRdhCOX1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/c/msdownload/update/others/2022/03/28986731_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
watermark
100000

Targets

- Target
  
  2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
- Size
  
  259KB
- MD5
  
  83394c52f43a700d6773c8180758800c
- SHA1
  
  28e2e14004648eeaa4ea7e65533aeeac5dc86ad6
- SHA256
  
  2127d87fe1cb259eb6e54a06fe8953aa850ad1a11dd176bce385c86f86ba2166
- SHA512
  
  20482a566d69d78729573160ac4f05275a900224a3310593636f155b54da3e07f504dccd398343a83afb72657d1e74426968619ddf328f5538e0e53a74d4ccc8
- SSDEEP
  
  6144:/EG8cIDtrGIpDjr4OVMvvOJJMmGMmw9IAPBWH/:8QIDtr/Zjr1VMvv4JMJMPIAPBQ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2