General
Target
2200-56-0x000000002AC10000-0x000000002B082000-memory.dmp
Size
4.4MB
Sample
240314-fg198sdc25
MD5
a801d99cc33f73020112f883856ffd8a
SHA1
95681ab1bd794f3fecc3ebbc6a4d211e0168d209
SHA256
91e23633466d42e89c4d988fc2bba3afe7336670e1f14884cebb8a676799a5c7
SHA512
9367ef2428f47dbcc98e146a47e2f3937da657d2a053d2ca3e0ad13f6e5988a1882cc1e4a0c83ba936211f933c20db9a98f8893f066e2a1fcf775dd4fd69560e
SSDEEP
6144:/JqVG5dmPyibgkTZI6jHID90aApyRgJH/:/3dpevoxLRI
Malware Config
Extracted
cobaltstrike
100000
http://120.79.167.191:443/api/v1/server/user/info
access_type
512
beacon_type
2048
host
120.79.167.191,/api/v1/server/user/info
http_header1
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
http_header2
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
http_method1
GET
http_method2
POST
jitter
5120
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCishNvc3gsVc6u/ZLU7CfOlhOG+8Kgqpj3/oi9BPSIn+AaLcu1RE9FE7Pi9pDP4hUAIfxHgKQvPysVhIRVGFQ62+6T80TAWqV9f3HJPmlqmANPKd8J7lKGgRKD2qSzceQgxDK6aVjV1ROQA3UWGYWJPZw5+s/Ci3809qif6ziUUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8.44502272e+08
unknown2
AAAABAAAAAEAAAAlAAAAAgAAALUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/v1/server/log
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
watermark
100000