General

  • Target

    4256-121-0x000000002BA80000-0x000000002BAD2000-memory.dmp

  • Size

    328KB

  • Sample

    240312-pdtwesad54

  • MD5

    c946237177db1d868ebadd49e193e2a5

  • SHA1

    282245859fa1201ed0a772b2c9ec778a85744c38

  • SHA256

    66bf69ea0015c9664bd94ada49be95b0bc2b00b15995ab18f8f1107fa526b461

  • SHA512

    4032826aa776df6921d350cdc6ffc3fcb78c01638618797206acdfd50f606ee764733cde713b59dc5a76b08b6dae317fdedf6e19d048ed5fe87044a960e76541

  • SSDEEP

    3072:4zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLZ/YVKOdoYJl6vzHkyf:4zbUWootfDCvT4ZTXzCLZgVJojZrKM

Score
10/10

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    391144938

  • C2

    http://139.9.243.130:443/sugrec

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    139.9.243.130,/sugrec

  • http_header1


  • http_header2


  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq5FLm+lamnOskg6M7l5P1QuBtuz02ytCR+d7h4wJtc/zazWK296zCBGYq9IZfG5pywTRxxqnslPHFvh4ji4+48HaUOZz944lngUjayzPEICVgT1+siwKxVnBavgiQcYZ1Oi0xp57l4DYddiflzNO6LFYCAd4T/xVzr3vzZWpLMwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.126138112e+09

  • unknown2

    AAAABAAAAAEAAAACAAAAAgAAAF0AAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /5aV1bjqh_Q23odCf/static/superman/img/topnav/

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36

  • watermark

    391144938
