General
-
Target
2308-54-0x0000000002FC0000-0x0000000003150000-memory.dmp
-
Size
1.6MB
-
MD5
1d9e283ff2a583f128ee55532774ae81
-
SHA1
52e5c0fd37ce308342253c2790511ab79960d1f1
-
SHA256
5c39c9bf5e367d35b402553c62ccec9c0902527f72bffd16ee911c88af1d4144
-
SHA512
ec53170ca6aa9e4fc07cb288758f298e0bb1ff6050e1b778608a15222394c8dd30d0cda63e68933a83c2a4e8eb509864853422cc1ea15993e933277d74adff68
-
SSDEEP
3072:/Jq1fXrluNavO5GW/A07ytgugJqhJeGkTpX1KcBSEHYVD90vCzZBkDoJSznB/HcO:/JqVG5d57yibgkTZI6jHID90aHqv/H/
Malware Config
Extracted
cobaltstrike
100000
http://114.132.190.7:80/introduction/edr
-
access_type
512
-
host
114.132.190.7,/introduction/edr
-
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAADFRlOiB0cmFpbGVycwAAAAoAAAALQWNjZXB0OiAqLyoAAAAHAAAAAAAAAA0AAAACAAAABUFOSUQ9AAAAAgAAABlfX1NlY3VyZS0zUEFQSVNJRD1ub3NraW47AAAAAQAAACM7Q09OU0VOVD1ZRVMrQ04uemgtQ04rMjAyMTA5MTctMDktMAAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOAAAAAoAAAAkUmVmZXJlcjogaHR0cHM6Ly9lZHIuc2FuZ2Zvci5jb20uY24vAAAACgAAAAxUZTogdHJhaWxlcnMAAAAKAAAAIk9yaWdpbjogaHR0cHM6Ly9lZHIuc2FuZ2Zvci5jb20uY24AAAAHAAAAAAAAAA0AAAAFAAAACF9fZm9ybWlkAAAACQAAABNzcmNodWlkPWtzSFZ0cGdoYUtRAAAACQAAABFzZWFyY2hrZXk9RGZNaVZBbAAAAAcAAAABAAAADQAAAAIAAAAqYWlkXz01MjIwMDU3MDUmYWNjdmVyPTEmc2hvd3R5cGU9ZW1iZWQmdWE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
12000
-
port_number
80
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCJCYc9eAq47DNO6xFtarPfT8b9EHw2wZWKK0UKO0U0/0OKxEboQuNLnz9d4XdCuGHdmksxihUfu5zoFUa36irp/vEuqglGiCIcXnKWJUO3pVCjzWGAXk9UiZmCw8HDL++x5LpKz08rhcuOig3uFRyrM7++VrlhWaqxPN3FluYfwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.103793152e+09
-
unknown2
AAAABAAAAAEAAAA/AAAAAgAAAD0AAAACAAAAPQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/artical/tag
-
user_agent
Mozilla/5.0 (iPad; CPU iPad OS 10_3_4 like Mac OS X) AppleWebKit/532.1 (KHTML, like Gecko) CriOS/30.0.834.0 Mobile/77D555 Safari/532.1
-
watermark
100000
Signatures
-
Cobaltstrike family
Files
-
2308-54-0x0000000002FC0000-0x0000000003150000-memory.dmp