cobaltstrike | ccd5640db11cb3e4319351f40b105c4c9f669f0057260886431079e324e2ee2f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ccd5640db11cb3e4319351f40b105c4c9f669f0057260886431079e324e2ee2f.bin
Size

218KB
MD5

228e4d6d05ceaa05e8c4ff8cff0a60f3
SHA1

3d4e5ae32ff4b998b3d9da784332ebfddddcae32
SHA256

ccd5640db11cb3e4319351f40b105c4c9f669f0057260886431079e324e2ee2f
SHA512

ea721641e113e99a4bcab20226c53a465974f8ba7170eadaf51a67dfae02a3eb826a37c0c68d3edcac3ba7931b926d135c4b82ee7f91f78af6f50c1ad24b351a
SSDEEP

6144:P66JU8IxXC3YSL2a1Wd7h00Lks1YarGR8rjXuqpjkA:iUf0XyYmYvbLks1YarGR8OWjx

Score

10^/10

380330973 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

380330973

http://d30a2o6zg7ra9b.cloudfront.net:443/cs.html

Attributes

access_type
512
beacon_type
2048
host
d30a2o6zg7ra9b.cloudfront.net,/cs.html
http_header1
AAAAEAAAABlIb3N0OiBzZWN1cml0aWVzLXJhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAALQWNjZXB0OiAqLyoAAAAHAAAAAAAAAAMAAAADAAAAAgAAAAVMU0lEPQAAAAYAAAAGQ29va2llAAAACQAAAAxleGNsdWRlPXRydWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABlIb3N0OiBzZWN1cml0aWVzLXJhdGUuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAPAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
62907
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB2qHXReBIJOKgeBURVPVr00hBU6JHNCQRIFSKDby6drDAAwV/r2Rrm1ZOS8OUGL55DiNT8nlzuS3441ItXk+Bx5rYYTfU5NF0LHbS8Rv6rQLJDnFH6uduFxVR0IJnZFLnLiRhLC8T5iOjvO6+Jh214FTI5842FmZnmRLNS4FhMQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/panel
user_agent
Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202
watermark
380330973

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccd5640db11cb3e4319351f40b105c4c9f669f0057260886431079e324e2ee2f.bin

Files

ccd5640db11cb3e4319351f40b105c4c9f669f0057260886431079e324e2ee2f.bin
.dll windows:5 windows x86 arch:x86

2784a31e81408c6a1b0043d146be54b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM
IMAGE_FILE_DLL

Imports

��

��
��
��
��V
��
��
��
��
��
��Ô
��
��
��
��
��
��
��
��
��
��
��
��
��
��.��3��ê��0��񅪱��1��񍦻��
��.��3��ê��0��񅪱��1��񍦻��
��.��3��ê��0��񅪱��1��񍦻��
��3��ê��0��񅪱��1��񍦻��
��ê��0��񅪱��1��񍦻��
��0��񅪱��1��񍦻��
��񅪱��1��񍦻��
��񍦻��
��
��
��񐭢��
��
��
��
��
��x
��>��j��
��j��
��
��u��
��
��
��
��
��#��
��
��
��
��G��
��
��C��񅪱��
��񅪱��
��񍦻��\��
��
��
��
��
��
��A��
��
��
��
��f��
��d��f��
��
��
��
��
��
��
��
��
��
��ß��
��à��ß��
��
��
��
��Z��
��
��á��
��Ý��á��
��
��
��
��
��
��
��
��
��
��
��
��Ù��
��
��
��æ��
��æ��
��[��æ��
��
��
��K��
��ÿ��K��
��
��
��
��
��L��Ý��á��
��
��A��L��Ý��á��
��
��l
��
��
��ä��í��
��í��
��
��þ
��
��
��
��
��
��4��2��
��4��2��
��2��
��
��3��
��
��
��
��Ò��z��Ã��
��z��Ã��
��Ã��
��
��
��Ð��m��n��
��ì
��
��
��
��
��M
��
��
��
��
��Ê��
��
��^��
��z
��
��w
��
��n��
��m��n��

��r

��
��
��
��
��
��
��Z
��
��j
��Ü
��
��

��

ord15
ord4
ord23
ord52
ord19
��
ord16
ord116
ord3
��
ord14
ord9
ord8
ord22
ord111
ord10
ord1
ord13
ord151
ord2
ord20
ord18
ord11
ord17
ord115

Exports

Exports

_DebugCommunicati@4

Sections

��
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 16KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2784a31e81408c6a1b0043d146be54b5

Headers

DLL Characteristics

File Characteristics

Imports

�������������

������������r

�����������

Exports

Exports

Sections

������ Size: 153KB - Virtual size: 152KB

������� Size: 39KB - Virtual size: 39KB

������ Size: 16KB - Virtual size: 49KB

������� Size: 8KB - Virtual size: 7KB

��

��r

��

��
Size: 153KB - Virtual size: 152KB

��
Size: 39KB - Virtual size: 39KB

��
Size: 16KB - Virtual size: 49KB

��
Size: 8KB - Virtual size: 7KB