cobaltstrike | 91e23633466d42e89c4d988fc2bba3afe7336670e1f14884cebb8a676799a5c7

Sharing

Copy URL

Twitter E-mail

General

Target

2200-56-0x000000002AC10000-0x000000002B082000-memory.dmp
Size

4.4MB
Sample

240314-fg198sdc25
MD5

a801d99cc33f73020112f883856ffd8a
SHA1

95681ab1bd794f3fecc3ebbc6a4d211e0168d209
SHA256

91e23633466d42e89c4d988fc2bba3afe7336670e1f14884cebb8a676799a5c7
SHA512

9367ef2428f47dbcc98e146a47e2f3937da657d2a053d2ca3e0ad13f6e5988a1882cc1e4a0c83ba936211f933c20db9a98f8893f066e2a1fcf775dd4fd69560e
SSDEEP

6144:/JqVG5dmPyibgkTZI6jHID90aApyRgJH/:/3dpevoxLRI

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

http://120.79.167.191:443/api/v1/server/user/info

Attributes

access_type
512
beacon_type
2048
host
120.79.167.191,/api/v1/server/user/info
http_header1
AAAACgAAAHlBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABtTZWMtRmV0Y2gtU2l0ZTogc2FtZS1vcmlnaW4AAAAKAAAAElNlYy1GZXRjaC1Vc2VyOiA/MQAAAAoAAAAfUmVmZXJlcjogaHR0cHM6Ly93d3cuYmFpZHUuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IHpoLUNOLHpoO3E9MC45AAAABwAAAAAAAAADAAAAAgAAADNCSURVUFNJRD1DQjQ5MDYyMkUwNkVENzM1NDQ3MDhGQTZFQzhENzE0OTsgQkFJRFVJRD0AAAABAAAAZTpGRz0xOyBCRF9IT01FPTE7IFpGWT1tSG5SeTpBVUxsVzJWQWZZbjhjUG1nRFJxQ3NCalZ0SVM0UVZmZVYzUjFWQTpDOyBkZWxQZXI9MDsgQkRfQ0tfU0FNPTE7IFBTSU5PPTE7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABpYLUNsaWVudC1WZXJzaW9uOiAyMDIxMDgwMwAAAAoAAAApQWNjZXB0OiBhcHBsaWNhdGlvbi9qc29uLCB0ZXh0L3BsYWluLCAqLyoAAAAKAAAAG1NlYy1GZXRjaC1TaXRlOiBzYW1lLW9yaWdpbgAAAAoAAAAUU2VjLUZldGNoLU1vZGU6IGNvcnMAAAAKAAAAH1JlZmVyZXI6IGh0dHBzOi8vYmJzLmJhaWR1LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAACAAAAEF9fYmFpX2R1aWQ9Rk49MDoAAAABAAAAOzpGRz0xO1BTU0lEPTFfYmNkNTY3ZTA5NjdmODNhMmY0ZGZlYjlhYmJkMGZkMWYxNjY3MjY5NTgwNzg2AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAACAAAAWXsiZXZlbnRfdHlwZSI6ImxvYWQiLCJwYWdlIjowMSwidXNlcl9mcm9tIjoid2ViIiwiZXZlbnRfbmFtZSI6InZpc2l0ZWQtaG9tZSIsImxvZ19pbmZvIjoiAAAAAQAAABUiLCJjb2RlIjoiMTE2MDgyMzg4In0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5120
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCishNvc3gsVc6u/ZLU7CfOlhOG+8Kgqpj3/oi9BPSIn+AaLcu1RE9FE7Pi9pDP4hUAIfxHgKQvPysVhIRVGFQ62+6T80TAWqV9f3HJPmlqmANPKd8J7lKGgRKD2qSzceQgxDK6aVjV1ROQA3UWGYWJPZw5+s/Ci3809qif6ziUUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8.44502272e+08
unknown2
AAAABAAAAAEAAAAlAAAAAgAAALUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/v1/server/log
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
watermark
100000

Targets

Tasks

static1

100000cobaltstrike

Score

10^/10