General

  • Target

    2308-54-0x0000000002FC0000-0x0000000003150000-memory.dmp

  • Size

    1.6MB

  • Sample

    240313-wj98xsbe8y

  • MD5

    1d9e283ff2a583f128ee55532774ae81

  • SHA1

    52e5c0fd37ce308342253c2790511ab79960d1f1

  • SHA256

    5c39c9bf5e367d35b402553c62ccec9c0902527f72bffd16ee911c88af1d4144

  • SHA512

    ec53170ca6aa9e4fc07cb288758f298e0bb1ff6050e1b778608a15222394c8dd30d0cda63e68933a83c2a4e8eb509864853422cc1ea15993e933277d74adff68

  • SSDEEP

    3072:/Jq1fXrluNavO5GW/A07ytgugJqhJeGkTpX1KcBSEHYVD90vCzZBkDoJSznB/HcO:/JqVG5d57yibgkTZI6jHID90aHqv/H/

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://114.132.190.7:80/introduction/edr

Attributes
  • access_type

    512

  • host

    114.132.190.7,/introduction/edr

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    12000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCJCYc9eAq47DNO6xFtarPfT8b9EHw2wZWKK0UKO0U0/0OKxEboQuNLnz9d4XdCuGHdmksxihUfu5zoFUa36irp/vEuqglGiCIcXnKWJUO3pVCjzWGAXk9UiZmCw8HDL++x5LpKz08rhcuOig3uFRyrM7++VrlhWaqxPN3FluYfwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.103793152e+09

  • unknown2

    AAAABAAAAAEAAAA/AAAAAgAAAD0AAAACAAAAPQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/artical/tag

  • user_agent

    Mozilla/5.0 (iPad; CPU iPad OS 10_3_4 like Mac OS X) AppleWebKit/532.1 (KHTML, like Gecko) CriOS/30.0.834.0 Mobile/77D555 Safari/532.1

  • watermark

    100000

Targets

    Tasks