cobaltstrike | 42e1bf4ae013099d1832b39dfc42df1dc11a278b51cd427081feac86178a0b5b

Sharing

Copy URL

Twitter E-mail

General

Target

2020-55-0x0000000002170000-0x00000000021E0000-memory.dmp
Size

448KB
Sample

240314-mkgtbsca43
MD5

9fe2570f42ac6031dd25457d20f95004
SHA1

af59ba4e9616689353ae65f651d9ca3283cc67ac
SHA256

42e1bf4ae013099d1832b39dfc42df1dc11a278b51cd427081feac86178a0b5b
SHA512

9b250981b00a4497ae711b2526d9ca24a601ec85aecd00860e3e60f6377c6c7287847dbd0d4cd62050d7811c14dc6be7f8ae7ddeca79bb130855c6920556ad52
SSDEEP

3072:/Jq1fXrluNpvOVGW/AuxytgugJqhJeGkTpX1KcBSEHYVD90vCykQgCxDYJazgHcO:/JqCGVd3xyibgkTZI6jHID90adeDmH/

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

http://216.146.25.53:80/changes/TWl3f2wDOLzsopklW5dDAnZe9XKFIFQ

Attributes

access_type
512
host
216.146.25.53,/changes/TWl3f2wDOLzsopklW5dDAnZe9XKFIFQ
http_header1
AAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAAAgAAAAZxc1RSWXMAAAAPAAAAAwAAAAYAAAAMWC1DU1JGLVRva2VuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAeQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uAAAABwAAAAAAAAACAAAAfVh4M0I4N0Q2ZVZzVlZ2T1ZLTGg0U05ycVdadDVISm1CcXMwZGJVS0M0TE1HRkZqbWRxaW5lT3lnbDN4Z0F5RFFjQzBiYmNqR0tXa3FnaXlKcWRiY2RMY3FtU1BVY2EwcHdCbXNwS3VFYUN4elNueTZzTUltSlFJVFZubjVWAAAADwAAAAMAAAAGAAAADFgtQ1NSRi1Ub2tlbgAAAAcAAAABAAAAAwAAAAIAAAAKIiwiZGF0YSI6IgAAAAIAAAAkMzM5NWQwNDgtY2FlYS00ZjUwLTk5ODktNzFjNmQ0NzMyNmI5AAAAAgAAAAh7Im1zZyI6IgAAAAEAAAACIn0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
3840
polling_time
71663
port_number
80
sc_process32
%windir%\syswow64\DllHost.exe /Processid:{634241AA-BAEF-4493-80CD-F1C3F91A5BE1}
sc_process64
%windir%\sysnative\DllHost.exe /Processid:{90805CAA-A11B-4DEC-9984-1CA91684609A}
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCma5npxyrI1Bt3gmECSQD9c4KlCwAoQEH7v/U6mn34yUqT2e7r2lTgts0x++WI6itT79RODlC2bALLrkFWoq/y03yq9C6kx/zI9wRqo3IEaC9bcyCLr6YY1ncstOyGZTcHhVu1/TEbzsPWYYPDzhBsQhV+zhuXXRKz6vk4TnfjDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.579122944e+09
unknown2
AAAABAAAAAEAAAACAAAAAgAAABMAAAACAAAAJAAAAAIAAAAgAAAAAwAAAAEAAAAMAAAAAgAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/license/Z2OSWUqImUYFWZRYaOb79wLnfzHd3dM
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
watermark
100000

Targets

Tasks

static1

100000cobaltstrike

Score

10^/10