General

  • Target

    2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dmp

  • Size

    688KB

  • Sample

    240315-a6ejwacc8w

  • MD5

    a2da0f22db71c3343238bd1813d59b98

  • SHA1

    26bde047bc789f5954c61e501b78203caaa597dc

  • SHA256

    48ad7e4ede087da50c4be349bfd2305242f18a8b465a372cf2a169df6e484b21

  • SHA512

    a206618b0319967fb90933a6632e3e05673fd3960c17567bf27f90bc789c041e36f1ab691deb20afb55338cb3059286919a5d9e2b30ad783b54ed868021d68e3

  • SSDEEP

    12288:qEfOMJ8J6oujbIS0wSJSkORCXdpVo2GN:7fO3ujbIpwSTOWfVPy

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://47.115.211.116:80/owa/

Attributes
  • access_type

    512

  • host

    47.115.211.116,/owa/

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABxQ29va2llOiBNQzE9bWljcm9zb2Z0PThkZGNmZjNhODBmNDE4OWNhMWM5ZDRkOTAyYzNjOTA5JkhBU0g9YTE2ZCZWPTgmTFU9MTY2MzAzOTAxNzY4OTtQYXRoPS87U2VjdXJlO1NhbWVTaXRlPU5vbmUAAAAHAAAAAAAAAA0AAAAFAAAAA293YQAAAAkAAAAPcGF0aD0vbWljcm9zb2Z0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAADb3dhAAAABwAAAAAAAAANAAAAAgAAACdNaWNyb3NvZnRBcHBsaWNhdGlvbnM9ODBmNDE4OWNhMWM5ZDRkOTsAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    GET

  • jitter

    1280

  • polling_time

    1000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJlRoJrtHdi/JCpa+ldmK3M0pqOYNHnJ90TFWSWi28rJ8ISt0g89bAOq4Ih4rH2znL5qKIMbQsE0pj9QvF+POLjRhUwwKet0lsG+954DUJj6quJdVWnQc3+k04PAi04cdXkMcAWDl9LdwUG079t1ceM0JxCjYV0ga4jtUTMlyEQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.448416512e+09

  • unknown2

    AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    1.610612736e+09

  • uri

    /OWA/

  • user_agent

    Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

  • watermark

    391144938

Targets

    • Target

      2600-55-0x000007FEF74F0000-0x000007FEF759C000-memory.dmp

    • Size

      688KB

    • MD5

      a2da0f22db71c3343238bd1813d59b98

    • SHA1

      26bde047bc789f5954c61e501b78203caaa597dc

    • SHA256

      48ad7e4ede087da50c4be349bfd2305242f18a8b465a372cf2a169df6e484b21

    • SHA512

      a206618b0319967fb90933a6632e3e05673fd3960c17567bf27f90bc789c041e36f1ab691deb20afb55338cb3059286919a5d9e2b30ad783b54ed868021d68e3

    • SSDEEP

      12288:qEfOMJ8J6oujbIS0wSJSkORCXdpVo2GN:7fO3ujbIpwSTOWfVPy

    Score
    1/10
