cobaltstrike | 0126dc282ab4fbd211993a13c3a11c7d2c5bff6915e03f6715d3a15ecff70a27

General

Target

1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dmp
Size

688KB
Sample

240315-ax6a8sca3v
MD5

d1a20775cb37907ed4aa18afb43abc92
SHA1

eb10a11dad7f17f9524e01f1fc258d6b34a7d8a3
SHA256

0126dc282ab4fbd211993a13c3a11c7d2c5bff6915e03f6715d3a15ecff70a27
SHA512

88a6ead42c7ca3a02117558577f0aaeb76784386ff527e2fd916e9f77eaf94988080396dc0bcffe2e2f40d3e76aed648bdc1ede232d85107ea7c43b831bd3ffe
SSDEEP

12288:GEfOMJ8kWhpujbIS0wSJSkORCXdpVo2GN:PfO3+jbIpwSTOWfVPy

Score

10^/10

cobaltstrike 391144938

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://123.249.100.157:80/owa/

Attributes

access_type
512
host
123.249.100.157,/owa/
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABxQ29va2llOiBNQzE9bWljcm9zb2Z0PThkZGNmZjNhODBmNDE4OWNhMWM5ZDRkOTAyYzNjOTA5JkhBU0g9YTE2ZCZWPTgmTFU9MTY2MzAzOTAxNzY4OTtQYXRoPS87U2VjdXJlO1NhbWVTaXRlPU5vbmUAAAAHAAAAAAAAAA0AAAAFAAAAA293YQAAAAkAAAAPcGF0aD0vbWljcm9zb2Z0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAADb3dhAAAABwAAAAAAAAANAAAAAgAAACdNaWNyb3NvZnRBcHBsaWNhdGlvbnM9ODBmNDE4OWNhMWM5ZDRkOTsAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
GET
jitter
5120
polling_time
30000
port_number
80
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUGBvIn5gwSmKKcfXD82unRuDzm2vgwOmyHl0MOVRfInQavLCYKfdtZDW3SODxz41OCk1reVRelaJXiseXgutHH5EOxbIt5x07dOq9A5x2FEeqDUmQn5ymBS3jegp8QE27JwAoV15OjOHL1ejMpYbraq5iN8tc/yl+uv8UiP5xUwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/OWA/
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
watermark
391144938

Targets

- Target
  
  1600-55-0x000007FEF6460000-0x000007FEF650C000-memory.dmp
- Size
  
  688KB
- MD5
  
  d1a20775cb37907ed4aa18afb43abc92
- SHA1
  
  eb10a11dad7f17f9524e01f1fc258d6b34a7d8a3
- SHA256
  
  0126dc282ab4fbd211993a13c3a11c7d2c5bff6915e03f6715d3a15ecff70a27
- SHA512
  
  88a6ead42c7ca3a02117558577f0aaeb76784386ff527e2fd916e9f77eaf94988080396dc0bcffe2e2f40d3e76aed648bdc1ede232d85107ea7c43b831bd3ffe
- SSDEEP
  
  12288:GEfOMJ8kWhpujbIS0wSJSkORCXdpVo2GN:PfO3+jbIpwSTOWfVPy
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2