General

  • Target

    2200-56-0x000000002AC10000-0x000000002B082000-memory.dmp

  • Size

    4.4MB

  • Sample

    240314-fg198sdc25

  • MD5

    a801d99cc33f73020112f883856ffd8a

  • SHA1

    95681ab1bd794f3fecc3ebbc6a4d211e0168d209

  • SHA256

    91e23633466d42e89c4d988fc2bba3afe7336670e1f14884cebb8a676799a5c7

  • SHA512

    9367ef2428f47dbcc98e146a47e2f3937da657d2a053d2ca3e0ad13f6e5988a1882cc1e4a0c83ba936211f933c20db9a98f8893f066e2a1fcf775dd4fd69560e

  • SSDEEP

    6144:/JqVG5dmPyibgkTZI6jHID90aApyRgJH/:/3dpevoxLRI

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://120.79.167.191:443/api/v1/server/user/info

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    120.79.167.191,/api/v1/server/user/info

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    10000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • unknown1

    8.44502272e+08

  • uri

    /api/v1/server/log

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

  • watermark

    100000

Targets

    Tasks